Firewall Wizards mailing list archives
Query: NMAP SCAN of Priveleged Ports on a DLINK G624T
From: william fitzgerald <wfitzgerald () tssg org>
Date: Tue, 08 May 2007 13:19:31 +0100
Dear Firewall Guru's, My network is protected by a DLINK G624T broadband router (Budget constraints). Default policy is to DENY incoming, ACCEPT outgoing and I have firewall features to stop DoS and spoofing enabled on firewall. Note: in this email i refer also to Small Business Server as extra information to my NMAP scan and possibly its role in running unwanted services. QUESTION: Am I open to exploits? What does it mean to be "filtered"? See below for details. NETORK TOPOLOGY: +++++++++++++++ SOHO DLINK-G624T ADSL (4-port router and firewall) ---> external SBS NIC 1 -----> internal SBS NIC 2 ------> two PC's Note: no port forwarding from DLINK to SBS external IP set up for external network access. NMAP SCAN: ++++++ I ran an external nmap scan (from another network) on my networks public static IP address for ports 0 to 1025 and the results where as follows: nmap -sT -p 0-1025 -PT MYIPAddress Interesting ports on MYIPAddress.ISPProviderDomain (MYIPAddress): Not shown: 1014 closed ports PORT STATE SERVICE 21/tcp filtered ftp 23/tcp filtered telnet 80/tcp filtered http 110/tcp filtered pop3 119/tcp filtered nntp 443/tcp filtered https 465/tcp filtered smtps 500/tcp filtered isakmp 501/tcp filtered stmf 873/tcp filtered rsync 993/tcp filtered imaps 995/tcp filtered pop3s Nmap finished: 1 IP address (1 host up) scanned in 13.582 seconds NMAP QUESTION: Am I open to exploits? What does it mean to be "filtered"? Are these nmap guesses that certain ports may be used or open? ASIDE: DLINK has firewall capabilities but i wonder if i can add to the security of this by activating possibly an inbuilt firewall on the SBS standard server? MY CONCERN: ++++++++++ I do not run for example the insecure telnet or in fact any of these nmap detected services publicly/remotely (nor internally that i am aware of). I don't even use SBS as a mail server at the moment. Both client PC's fetch email directly into thunderbird clients from the external web and mail hosting provider. SBS was given the 2 DNS ip addresses from broadband service provider. SBS is not a DNS server, its more a relay i guess for client requests. So I wonder does SBS standard edition by default run these services even though they are not needed? The DLINK G624T has a firewall policy of DENY all incoming and ACCEPT all outgoing. Hence, I wonder does SBS say, i want to run services XYZ and the the firewall says "ok, i'll open these ports as SBS is trusted and is internal to the network"? Note: that both PC clients also run Skype. Maybe i should not run Skype! Any comments welcomed. regards, Will. _______________________________________________ firewall-wizards mailing list firewall-wizards () listserv icsalabs com https://listserv.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- Query: NMAP SCAN of Priveleged Ports on a DLINK G624T william fitzgerald (May 09)