[fw-wiz] False results to DMZ
- From: "David U. Haltinner" <dhaltinner@xxxxxxxxxxxxxxxxx>
- Date: Fri, 20 Jan 2006 09:14:24 -0600
First off, the DMZ is set up with virtual interfaces (PIX), and the
scanning source is inside. The firewall allows anything IP from this
scanner. If I scan most of the DMZs, I get normal results, with all of
the scans.

Using NMAP, if I scan one specific DMZ, I only get results with the SYN
scan and TCP window scans, AND it says every port is open (what the
firewall allows). Cisco support is not being helpful. Does anyone have
any idea why this is? It's weird. I'm trying to automate Nessus against
the DMZ servers, and it's giving too many false positives about open
ports.

I have taken packet traces, and the only thing weird is that I am
getting an ACK back for every port, but they are Zero Window (TCP Window
Scan brings back every port open).

Any ideas?
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
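One way to triage the symptom described in the post before feeding results to a vulnerability scanner, as an added example that is not part of the original message: parse tcpdump-style summary lines of a SYN scan and keep zero-window ACK replies apart from real SYN/ACKs, so they are re-verified instead of reported as open. The addresses, ports and trace lines are constructed for the example.

```python
import re

# Constructed tcpdump-style summary lines (not from the original post):
# scanner 10.1.1.5 probes DMZ host 192.0.2.10; most ports answer with an
# ACK-bearing reply whose window is 0, one real service (443) answers
# with a normal window, 8080 resets, and 9999 never replies.
TRACE = """\
10.1.1.5.40001 > 192.0.2.10.22: Flags [S], seq 1, win 1024
192.0.2.10.22 > 10.1.1.5.40001: Flags [S.], seq 0, ack 2, win 0
10.1.1.5.40002 > 192.0.2.10.80: Flags [S], seq 1, win 1024
192.0.2.10.80 > 10.1.1.5.40002: Flags [S.], seq 0, ack 2, win 0
10.1.1.5.40003 > 192.0.2.10.443: Flags [S], seq 1, win 1024
192.0.2.10.443 > 10.1.1.5.40003: Flags [S.], seq 0, ack 2, win 8192
10.1.1.5.40004 > 192.0.2.10.8080: Flags [S], seq 1, win 1024
192.0.2.10.8080 > 10.1.1.5.40004: Flags [R.], seq 0, ack 2, win 0
10.1.1.5.40005 > 192.0.2.10.9999: Flags [S], seq 1, win 1024
"""

LINE_RE = re.compile(
    r"^(?P<src>[\d.]+)\.(?P<sport>\d+) > (?P<dst>[\d.]+)\.(?P<dport>\d+): "
    r"Flags \[(?P<flags>[^\]]*)\].*?win (?P<win>\d+)"
)

def classify_syn_scan(trace, scanner, target):
    """Return {port: verdict} for SYN probes from scanner to target.
    open: SYN/ACK with non-zero window; suspect: ACK-bearing reply with
    window 0 (the post's symptom, to be re-verified, not trusted);
    closed: RST reply; filtered: no reply seen."""
    verdict = {}
    for line in trace.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        src, sport = m['src'], int(m['sport'])
        dst, dport = m['dst'], int(m['dport'])
        flags, win = m['flags'], int(m['win'])
        if src == scanner and dst == target and flags == 'S':
            verdict.setdefault(dport, 'filtered')   # probe sent, no reply yet
        elif src == target and dst == scanner and sport in verdict:
            if 'R' in flags:
                verdict[sport] = 'closed'
            elif '.' in flags:                        # '.' is the ACK bit in tcpdump
                verdict[sport] = 'open' if win > 0 else 'suspect'
    return verdict

if __name__ == '__main__':
    for port, v in sorted(classify_syn_scan(TRACE, '10.1.1.5', '192.0.2.10').items()):
        print(f"{port:>5} {v}")
```

Ports marked suspect are the ones to confirm with a full connect or banner grab before the scanner treats them as open.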