RE: [fw-wiz] False results to DMZ



-----Original Message-----
Subject: [fw-wiz] False results to DMZ

> First off, the DMZ is set up with virtual interfaces (PIX), and the
> scanning source is inside. The firewall allows anything IP from this
> scanner. If I scan most of the DMZs, I get normal results, with all of
> the scans.
> Using NMAP, if I scan one specific DMZ, I only get results with the SYN
> scan and TCP window scans, AND it says every port is open (what the
> firewall allows). Cisco support is not being helpful. Does anyone have
> any idea why this is? It's weird. I'm trying to automate Nessus against
> the DMZ servers, and it's giving too many false positives about open
> ports.
> I have taken packet traces, and the only thing weird is that I am getting
> an ACK back for every port, but they are Zero Window (TCP Window Scan
> brings back every port open).
> Any ideas?


Can you post a sanitized version of your PIX config? Specifically I'm
wondering about sysopt proxy arp and static/global nat settings. If you
scan with nmap -sT (full TCP connect() scan) do you get correct results?

PaulM

_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
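An added cross-check for the situation described in this thread (example code, not from the original poster or PaulM), assuming constructed nmap -oG host lines and tcpdump -n lines: a port the SYN scan calls open is only trusted when a connect() scan agrees, and SYN/ACK replies that advertise a zero window are flagged as a likely intermediate-device artifact rather than a listening service.

```python
import re

# Constructed sample data (not from the original thread): nmap grepable (-oG)
# host lines for one DMZ address, from a SYN scan (-sS) and a connect() scan (-sT).
SYN_SCAN_OG = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/open/tcp//smtp///, "
    "80/open/tcp//http///, 443/open/tcp//https///, 8080/open/tcp//http-proxy///"
)
CONNECT_SCAN_OG = (
    "Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 25/closed/tcp//smtp///, "
    "80/open/tcp//http///, 443/closed/tcp//https///, 8080/closed/tcp//http-proxy///"
)
# Constructed tcpdump -n lines: replies to the SYN probes. As in the thread,
# most ports answer SYN/ACK ([S.]) but with a zero receive window.
TRACE = [
    "IP 192.0.2.10.22 > 10.1.1.5.40001: Flags [S.], seq 1, ack 1, win 4128, length 0",
    "IP 192.0.2.10.25 > 10.1.1.5.40002: Flags [S.], seq 1, ack 1, win 0, length 0",
    "IP 192.0.2.10.443 > 10.1.1.5.40003: Flags [S.], seq 1, ack 1, win 0, length 0",
    "IP 192.0.2.10.8080 > 10.1.1.5.40004: Flags [S.], seq 1, ack 1, win 0, length 0",
]

PORT_RE = re.compile(r"(\d+)/(\w+)/tcp/")
SYNACK_RE = re.compile(r"IP \S+\.(\d+) > \S+: Flags \[S\.\],.*?win (\d+)")


def open_ports(og_line):
    """Set of TCP ports an nmap -oG host line reports as open."""
    return {int(p) for p, state in PORT_RE.findall(og_line) if state == "open"}


def zero_window_synacks(trace_lines):
    """Source ports of SYN/ACK replies that advertise win 0 in a tcpdump trace."""
    ports = set()
    for line in trace_lines:
        m = SYNACK_RE.search(line)
        if m and int(m.group(2)) == 0:
            ports.add(int(m.group(1)))
    return ports


def reconcile(syn_line, connect_line, trace_lines):
    """Confirm SYN-scan 'open' ports against a connect() scan; ports only the
    SYN scan calls open are suspect, more so when their SYN/ACK had win 0."""
    syn_open, conn_open = open_ports(syn_line), open_ports(connect_line)
    suspect = syn_open - conn_open
    return {
        "confirmed": sorted(syn_open & conn_open),
        "suspect": sorted(suspect),
        "zero_window": sorted(suspect & zero_window_synacks(trace_lines)),
    }
```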


