SRX

Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  port scans

    Posted 02-08-2010 16:58

    Hi all,

    I finished port scanning my network and it shows up to 1000 opened ports, but I only opened ports 80, 443, 20, 21 and 22. When I ran NMAP it showed a lot more ports opened. I am assuming that because the SRX is a stateful firewall, all user session ports will show as opened.

    Is there a way to lock this down? When I run a port scan I don't want to see random user ports. I only want to see the ports that I have configured in my firewall rules and in my destination NAT rules.

    Any help would be highly appreciated.

    Thanks

    Graham



  • 2.  RE: port scans

    Posted 02-12-2010 23:15

    The question is whether the ports that are 'opened' are a result of the SRX responding to the scan or of a server, etc. that is responding. How is your host-inbound-traffic configured for the zone from which you are performing the port scan? Does it say system-services all, or did you only specify specific protocols? More details about your configs and how your port scanning is running would be needed to come to any conclusions.

    -Richard



  • 3.  RE: port scans

    Posted 02-14-2010 20:50

    Hi Rkim,

    Only HTTPS and ping are allowed into my untrusted zone. A

    For example, when I do an NMAP intense scan of my SRX for any open ports, I see ports such as 311 TCP opened.

    I don't have those ports listed in my destination NAT rules or in my firewall rules. I am assuming NMAP can see them opened because the SRX is a stateful firewall.

    Is there a way to block these port scans? I tried setting my screen option to block port scans, but it doesn't work; I can still see ports opened.

    Please let me know if there is something I can do.

    Thanks

    Graham



  • 4.  RE: port scans
    Best Answer

    Posted 02-15-2010 15:28

    Just found out NMAP would see TCP RSTs as open ports. In fact we would not have an open session with RST, so that means there is no real hole in your security with RSTs. Some ideas to prevent unwanted RSTs when running NMAP:

    1. Delete any tcp-rst configuration from the security zone that your NMAP is trying to reach.

    2. Delete TCP syn-flood screens from the zone as well.

    Then run NMAP and see if you still see ports getting marked as open.

    -Richard
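    The two deletions from the post above, written out as an added Junos configuration example that is not from the thread or from Juniper; the zone name untrust, the screen name untrust-screen, the interface ge-0/0/0.0 and the screen thresholds are assumptions, and the host-inbound-traffic lines reflect the HTTPS-and-ping setup described earlier in the thread.

```junos
# Added example, not from the thread. Zone "untrust", screen "untrust-screen",
# interface ge-0/0/0.0 and the threshold values are assumptions.

# --- Configuration mode, "before": the two settings the post suggests removing ---
# Zone-level tcp-rst makes the SRX answer non-SYN TCP packets that match no
# session with a RST instead of silently dropping them.
set security zones security-zone untrust tcp-rst
set security zones security-zone untrust screen untrust-screen
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services https
set security zones security-zone untrust interfaces ge-0/0/0.0 host-inbound-traffic system-services ping
# SYN-flood protection on the screen attached to the zone (sample thresholds).
set security screen ids-option untrust-screen tcp syn-flood attack-threshold 200
set security screen ids-option untrust-screen tcp syn-flood alarm-threshold 512
set security screen ids-option untrust-screen tcp syn-flood source-threshold 1024
set security screen ids-option untrust-screen tcp syn-flood destination-threshold 2048
set security screen ids-option untrust-screen tcp syn-flood timeout 20

# --- Configuration mode, "after": step 1 and step 2 of the post ---
delete security zones security-zone untrust tcp-rst
delete security screen ids-option untrust-screen tcp syn-flood
commit comment "untrust: drop tcp-rst and syn-flood screen for port-scan test"
# Note: the syn-flood screen is flood protection; re-enable it once the
# scan behaviour has been checked.

# --- Operational mode: verify what the zone still does ---
# Shows the zone's host-inbound services and that tcp-rst is no longer set.
show security zones untrust
# Shows which screen options remain on the zone's screen profile.
show security screen ids-option untrust-screen
# Only permitted, session-creating traffic appears here; scanned ports that
# merely got a RST never had a flow session.
show security flow session destination-port 443
```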



  • 5.  RE: port scans

    Posted 02-15-2010 17:25

    Thanks Rkim, I found this out today.

    Cheers



  • 6.  RE: port scans

    Posted 09-20-2011 07:57

    Hi,

    I'm facing the same problem. Could you guide me on how to do the configuration so nmap won't list the ports?

    Thanks