Re: nmap on the internal interface of a PIX

["Robert Collins" <robert.collins () itdomain com au>]

Did you nmap from behind the packetshaper? Try directly against the pix if
you can.

NMap may be picking up the filtering of the packetshaper

Rob

----- Original Message -----
From: "Daniel Monjar" <dmonjar () orgtek com>
To: <firewall-wizards () nfr net>
Sent: Wednesday, September 13, 2000 3:52 AM
Subject: [fw-wiz] nmap on the internal interface of a PIX


> The latest PIX threads got me poking at mine.  When I run nmap
> against the internal interface I see:
>
> [dmonjar@monjard ~]$ nmap 10.155.1.49
>
> Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
> Interesting ports on pix.orgtek.com (10.155.1.49):
> (The 1515 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 23/tcp     open        telnet
> 194/tcp    filtered    irc
> 1467/tcp   open        csdmbase
> 5631/tcp   filtered    pcanywheredata
> 5632/tcp   filtered    pcanywherestat
> 6000/tcp   filtered    X11
> 6667/tcp   filtered    irc
> 65301/tcp  filtered    pcanywhere
>
>
>
> I get nervous when I see anything with 'pcanywhere' in the string.
> Any idea why they're there?  There are no conduits for those ports
> configured and I have a filtering device (PacketShaper from Packeteer)
> sitting on the internal interface between the PIX and the network that
> excplicits discards pcanywhere stuff.
>
> --
> Daniel Monjar (mailto:dmonjar () orgtek com)
> "Meddle not in the affairs of dragons,
>  for you are crunchy and taste good with ketchup."
>
>
> _______________________________________________
> Firewall-wizards mailing list
> Firewall-wizards () nfr net
> http://www.nfr.net/mailman/listinfo/firewall-wizards


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards