RE: nmap on the internal interface of a PIX

[Keith Morgan <kmorgan () imixinc com>]

in nmap, by default, 'filtered' means the firewall did not respond.  Open
means the port is listening, nothing means the connection was refused, and
'filtered' generally means the packet was dropped.

-----Original Message-----
From: Daniel Monjar [mailto:dmonjar () orgtek com]
Sent: Tuesday, September 12, 2000 12:52 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] nmap on the internal interface of a PIX


The latest PIX threads got me poking at mine.  When I run nmap
against the internal interface I see:

[dmonjar@monjard ~]$ nmap 10.155.1.49

Starting nmap V. 2.53 by fyodor () insecure org ( www.insecure.org/nmap/ )
Interesting ports on pix.orgtek.com (10.155.1.49):
(The 1515 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet                  
194/tcp    filtered    irc                     
1467/tcp   open        csdmbase                
5631/tcp   filtered    pcanywheredata          
5632/tcp   filtered    pcanywherestat          
6000/tcp   filtered    X11                     
6667/tcp   filtered    irc                     
65301/tcp  filtered    pcanywhere              



I get nervous when I see anything with 'pcanywhere' in the string.
Any idea why they're there?  There are no conduits for those ports
configured and I have a filtering device (PacketShaper from Packeteer)
sitting on the internal interface between the PIX and the network that
excplicits discards pcanywhere stuff.

-- 
Daniel Monjar (mailto:dmonjar () orgtek com)
"Meddle not in the affairs of dragons, 
 for you are crunchy and taste good with ketchup."


_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards

_______________________________________________
Firewall-wizards mailing list
Firewall-wizards () nfr net
http://www.nfr.net/mailman/listinfo/firewall-wizards