Firewall Wizards mailing list archives

Query: NMAP SCAN of Privileged Ports on a DLINK G624T


From: william fitzgerald <wfitzgerald () tssg org>
Date: Tue, 08 May 2007 13:19:31 +0100

Dear Firewall Gurus,

My network is protected by a DLINK G624T broadband router (Budget 
constraints). Default policy is to DENY incoming, ACCEPT outgoing and I 
have firewall features to stop DoS and spoofing enabled on the firewall.

Note: in this email I refer also to Small Business Server as extra 
information to my NMAP scan and possibly its role in running unwanted 
services.

QUESTION:
Am I open to exploits? What does it mean to be "filtered"? See below for 
details.

NETWORK TOPOLOGY:
+++++++++++++++

SOHO DLINK-G624T ADSL (4-port router and firewall) ---> external SBS NIC 
1 -----> internal SBS NIC 2 ------> two PCs

Note: no port forwarding from DLINK to SBS external IP set up for 
external network access.

NMAP SCAN:
++++++
I ran an external nmap scan (from another network) on my network's public 
static IP address for ports 0 to 1025 and the results were as follows:
nmap -sT -p 0-1025 -PT MYIPAddress

Interesting ports on MYIPAddress.ISPProviderDomain (MYIPAddress):
Not shown: 1014 closed ports
PORT    STATE    SERVICE
21/tcp  filtered ftp
23/tcp  filtered telnet
80/tcp  filtered http
110/tcp filtered pop3
119/tcp filtered nntp
443/tcp filtered https
465/tcp filtered smtps
500/tcp filtered isakmp
501/tcp filtered stmf
873/tcp filtered rsync
993/tcp filtered imaps
995/tcp filtered pop3s
Nmap finished: 1 IP address (1 host up) scanned in 13.582 seconds

NMAP QUESTION:
Am I open to exploits? What does it mean to be "filtered"? Are these 
nmap guesses that certain ports may be used or open?

ASIDE:
DLINK has firewall capabilities but I wonder if I can add to the 
security of this by activating possibly an inbuilt firewall on the SBS 
standard server?

MY CONCERN:
++++++++++
I do not run for example the insecure telnet or in fact any of these 
nmap detected services publicly/remotely (nor internally that I am aware 
of). I don't even use SBS as a mail server at the moment. Both client 
PCs fetch email directly into thunderbird clients from the external web 
and mail hosting provider.

SBS was given the 2 DNS IP addresses from broadband service provider. 
SBS is not a DNS server, it's more a relay I guess for client requests.

So I wonder does SBS standard edition by default run these services even 
though they are not needed?

The DLINK G624T has a firewall policy of DENY all incoming and ACCEPT 
all outgoing. Hence, I wonder does SBS say, I want to run services XYZ 
and the firewall says "ok, I'll open these ports as SBS is trusted 
and is internal to the network"?

Note: that both PC clients also run Skype. Maybe I should not run Skype!

Any comments welcomed.

regards,
Will.
_______________________________________________
firewall-wizards mailing list
firewall-wizards () listserv icsalabs com
https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
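
An added illustration, not part of the original post: how a TCP connect scan such as the `nmap -sT` run above arrives at "open", "closed" or "filtered" for a port. The function names and the loopback demo are constructed for this example, and the error-to-state mapping is a simplified model of a connect scan, not nmap's own code.

```python
import errno
import socket

# Errors that mean no answer came back from the port itself: the probe was
# dropped silently (timeout) or an ICMP unreachable was returned on the path.
FILTERED_ERRNOS = {errno.ETIMEDOUT, errno.EHOSTUNREACH, errno.ENETUNREACH}


def state_from_error(exc):
    """Map the error from a failed connect() to a scan state."""
    if isinstance(exc, socket.timeout):
        return "filtered"    # nothing came back at all: something ate the SYN
    if isinstance(exc, ConnectionRefusedError):
        return "closed"      # a RST came back: reachable, nothing listening
    if isinstance(exc, OSError) and exc.errno in FILTERED_ERRNOS:
        return "filtered"
    return "unknown"


def connect_state(host, port, timeout=2.0):
    """Classify one TCP port with a full connect(), as a connect scan does."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"    # handshake completed: a service is listening
    except OSError as exc:
        return state_from_error(exc)


def demo_loopback():
    """Constructed demo: one listening and one unused port on 127.0.0.1."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    open_port = listener.getsockname()[1]

    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()            # bound but never listening, now released

    try:
        return (connect_state("127.0.0.1", open_port),
                connect_state("127.0.0.1", closed_port))
    finally:
        listener.close()


if __name__ == "__main__":
    print(demo_loopback())
```

In this model a "filtered" result says only that a packet filter on the path kept the probe from getting a reply from the port, so it does not show whether a service is listening behind it.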

