[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 496
  • Last Modified:

NMAP Question

Hola Experts,

I ran an Nmap scan from Nmap-Online.com and here are the results:

PORT STATE SERVICE
25/tcp open smtp
53/tcp open domain


Only thing is, checked my Pix Firewall and the Inbound acess-list only permits 25. I do not permit DNS into the network, so how is it finding this? and more importantly, how can I find it and shut it off?
0
jaysonfranklin
Asked:
jaysonfranklin
  • 2
  • 2
1 Solution
 
gheistCommented:
It means your PIX is not protecting you. What will you do now?
0
 
jaysonfranklinAuthor Commented:
haha u funny.

seriously, if i telnet to port 53 from outside the pix, the port does not appear to be open. so, i was just wondering how the nmap-online found that it was open. it's just confusing since the pix is supposed to be stateful.
0
 
lrmooreCommented:
I believe it to be a false reading by nmap.
It shows mine to also have tcp/53 open and I know for a fact it is not.
Try another online scanner and you will get different results
http://labs.programming-designs.com/portscanner/
Or ShieldsUp at http://www.grc.com
0
 
jaysonfranklinAuthor Commented:
thats what figured, i just wondered if somebody out there knew something i didn't. Thanks lrmoore.
0
 
lrmooreCommented:
Ya, even with an explicit deny acl there are no hits
access-list outside_access_in line 2 extended deny tcp any any eq domain (hitcnt=0)

Yet NMAP still shows it open
PORT STATE SERVICE
53/tcp open domain
80/tcp open http  

HTTP ain't open, either!

I can watch the live log and see the denies on other ports.
0

Featured Post

Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now