RE: [fw-wiz] False results to DMZ
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Mon, 23 Jan 2006 09:33:10 -0500
-----Original Message-----
Subject: [fw-wiz] False results to DMZ
> First off, the DMZ is set up with virtual interfaces (PIX), and the
> scanning source is inside. The firewall allows anything IP from this
> scanner. If I scan most of the DMZs, I get normal results, with all of
> the scans.
> Using NMAP, if I scan one specific DMZ, I only get results with the SYN
> scan and TCP window scans, AND it says every port is open (what the
> firewall allows). Cisco support is not being helpful. Does anyone have
> any idea why this is? It's weird. I'm trying to automate Nessus against
> the DMZ servers, and it's giving too many false positives about open
> ports.
> I have taken packet traces, and the only thing weird is that I am
> getting an ACK back for every port, but they are Zero Window (TCP Window
> Scan brings back every port open).
> Any ideas?
Can you post a sanitized version of your PIX config? Specifically I'm
wondering about sysopt proxy arp and static/global nat settings. If you
scan with nmap -sT (full TCP connect() scan) do you get correct results?
PaulM
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
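The check Paul suggests (compare the SYN scan against a full connect() scan of the same hosts), worked through as an added example that is not part of this thread or of nmap itself. The script below parses nmap's grepable output (-oG) from both scans and flags hosts where the SYN scan reports nearly every probed port open but the connect() scan confirms only a subset, which is the signature of a firewall or NAT device answering SYNs on the host's behalf. The two embedded scan outputs and the addresses 10.1.2.3 and 10.1.2.4 are constructed for illustration; the `min_open_fraction` threshold is an assumed tuning knob, not an nmap option.

```python
"""Flag nmap SYN-scan results that look like firewall/NAT artefacts.

Run the two scans yourself, then feed their grepable output to flag_intercepted():
    nmap -sS -p 21,22,25,80,443 -oG syn.gnmap <dmz-host>
    nmap -sT -p 21,22,25,80,443 -oG con.gnmap <dmz-host>
"""
import re

# Constructed sample -oG output (hypothetical hosts, scanned with -p 21,22,25,80,443).
# 10.1.2.3 shows the symptom from the thread: every port "open" to a SYN scan.
SYN_SCAN = """\
# Nmap scan initiated (constructed sample, not real output)
Host: 10.1.2.3 ()\tStatus: Up
Host: 10.1.2.3 ()\tPorts: 21/open/tcp//ftp///, 22/open/tcp//ssh///, 25/open/tcp//smtp///, 80/open/tcp//http///, 443/open/tcp//https///
Host: 10.1.2.4 ()\tStatus: Up
Host: 10.1.2.4 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (3)
"""

# The connect() scan completes the handshake, so only real listeners show up.
CONNECT_SCAN = """\
Host: 10.1.2.3 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (3)
Host: 10.1.2.4 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///\tIgnored State: closed (3)
"""

PORT_RE = re.compile(r"(\d+)/([^/]+)/tcp/")          # "22/open/tcp//ssh///" -> ("22", "open")
IGNORED_RE = re.compile(r"Ignored State: \w+ \((\d+)\)")


def parse_grepable(text):
    """Return {ip: (ports, probed)} where ports is {port: state} for the ports nmap
    listed and probed is the total number of ports scanned (listed + ignored)."""
    hosts = {}
    for line in text.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue                                  # skip comments and Status: lines
        ip = line.split()[1]
        ports, ignored = {}, 0
        for field in line.split("\t"):
            if field.startswith("Ports:"):
                for num, state in PORT_RE.findall(field):
                    ports[int(num)] = state
            elif field.startswith("Ignored State:"):
                m = IGNORED_RE.match(field)
                ignored = int(m.group(1)) if m else 0
        hosts[ip] = (ports, len(ports) + ignored)
    return hosts


def flag_intercepted(syn_text, connect_text, min_open_fraction=0.9):
    """Hosts whose SYN scan reports at least min_open_fraction of probed ports open
    while the connect() scan confirms only a strict subset of them. Those extra
    'open' ports are SYN/ACKs from an intermediate device, not from the server."""
    syn = parse_grepable(syn_text)
    con = parse_grepable(connect_text)
    flagged = {}
    for ip, (ports, probed) in syn.items():
        syn_open = {p for p, s in ports.items() if s == "open"}
        if probed == 0 or len(syn_open) / probed < min_open_fraction:
            continue                                  # normal-looking SYN scan
        if ip not in con:
            continue                                  # no connect() data to compare against
        con_open = {p for p, s in con[ip][0].items() if s == "open"}
        if con_open < syn_open:                       # strict subset: some SYN 'open' never completed
            flagged[ip] = {
                "confirmed": sorted(con_open),
                "false_positives": sorted(syn_open - con_open),
            }
    return flagged


if __name__ == "__main__":
    for ip, info in flag_intercepted(SYN_SCAN, CONNECT_SCAN).items():
        print(f"{ip}: SYN-scan false positives {info['false_positives']}, "
              f"confirmed by connect() {info['confirmed']}")
```

Only hosts that fail this check need the slower connect() scan (or a Nessus policy that does its own full-connect port scan); hosts where both scans agree can keep the faster SYN scan in the automated run.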