All Ports listed as open using NMAP with 'discovery' and 'don't ping' selected. What does this mean?

I am trying to make sure my 2600 router is secure, so I am doing port scans from a remote network. On my router, I have all ICMP traffic blocked and am only allowing VPN traffic in unless it is established outbound traffic. I performed a 'SYN Stealth scan' and since ICMP is turned off, the router could not be found. However, when I went to 'discovery' and used the 'don't ping' option, every port showed open. I tried scanning a bunch of other IP addresses from other companies and they showed the same with these options selected. Is my network at risk?
bwalker1 Asked:
 
srikrishnak Commented:
In simple words: yes. That means your network is not invisible. It could be that the FW (maybe access lists, if you don't have one) is not enough to hide the network behind it.
 
CiaranDolan Commented:
No, but posting your ACLs here would help us to help you better. Have you tried going to www.grc.com and running the Shields Up application? It's simple and crude but quite useful.
 
srikrishnak Commented:
Wow... good to see a fellow Nmap user... maybe this document explains to you in detail how this works: http://www.insecure.org/nmap/docs/discovery.pdf
 
bwalker1 (Author) Commented:
Thanks for the info. I feel comfortable with my ACLs as I am only allowing VPN traffic in. I guess my real question is, why does every port show as open when I use NMAP port discovery with no ping selected? If they show as open, doesn't that mean that the network's not secure? I read the material from NMAP's website but I need someone to explain it to me.
 
bwalker1 (Author) Commented:
I didn't get a lot of help on this one but I will close it out anyway.