port scan to juniper fw



Dear list,
I am performing a port scan against an IP address of a Juniper SSG firewall (6.2.r3).
When the port scan finishes, the results show me a lot of open ports,
although they are not open.
Furthermore, the results differ, and the same scan shows different open
ports the next time.
The tcpdump during the port scan shows me that the fw is answering
with a SYN-ACK after the third SYN.
Why is this happening? I would expect no answer or a RST packet.

I would be very happy if somebody could explain this strange
behaviour to me and let me know how I can fix it.
Maybe there is an option on the fw to switch this off.

This is the nmap scan command:

nmap -sS -P0 <fw-untrust-ip>

Many Thanks
rm
