07-13-2016 04:05 PM - edited 03-12-2019 01:01 AM
I have a few 2911 ISRs on my network that are running zone-based or CBAC firewalls, depending on when each was deployed. I am testing both configurations with the following two Nmap scans, with the following results, which are puzzling.
1. TCP SYN scan: shows that all ports are filtered. (Yay!)
2. TCP connect scan: shows 2 ports open. (Boo!)
I feel confident in my configurations but am looking for counsel to help me understand why these come back open on a TCP connect scan.
So, just to be sure my configs are solid, I have verified this to be the case both on a CBAC configuration with an ACL denying just about everything from the outside and on a zone-based firewall. I have also shut down the IP HTTP server and secure server; "show ip http server status" shows it is disabled. I even ran the Cisco "auto secure" command as an additional step to lock it down, but these ports are still showing open on a TCP connect scan.
Should this behavior be expected?
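The two scans in the post classify ports differently: a SYN scan (-sS) only watches what comes back to a raw SYN, while a connect scan (-sT) completes the three-way handshake through the OS socket API and then reports whatever the OS tells it. The following is an added example, not code from the thread or from Cisco, that implements the connect-scan classification (handshake completed -> open, RST/ECONNREFUSED -> closed, no answer -> filtered) and, for ports that come back open, grabs a banner so you can see what is actually answering. The listener it scans is a constructed test service on 127.0.0.1; the `connector` parameter is an assumption of this example so that a dropped SYN can be simulated without a real firewall.

```python
import socket
import threading
from typing import Callable, Dict, Iterable, Tuple

# Port states as nmap labels them for a connect scan (-sT).
OPEN, CLOSED, FILTERED = "open", "closed", "filtered"


def _real_connect(host: str, port: int, timeout: float) -> socket.socket:
    """Complete a full three-way handshake, which is what nmap -sT does."""
    return socket.create_connection((host, port), timeout=timeout)


def probe_connect(host: str, port: int, timeout: float = 2.0,
                  connector: Callable[[str, int, float], socket.socket] = _real_connect,
                  banner: bool = False) -> Tuple[str, bytes]:
    """Classify one port the way a connect scan does.

    open     : handshake completed (SYN/ACK came back, our ACK went out)
    closed   : RST came back, so the host answered but nothing listens there
    filtered : nothing came back before the timeout, or an ICMP error arrived;
               something dropped or rejected the SYN
    Returns (state, banner_bytes); banner_bytes is b"" unless banner=True and
    the service spoke first after the handshake.
    """
    try:
        s = connector(host, port, timeout)
    except ConnectionRefusedError:
        return CLOSED, b""
    except (socket.timeout, TimeoutError):
        return FILTERED, b""
    except OSError:                      # e.g. host/network unreachable
        return FILTERED, b""
    try:
        data = b""
        if banner:
            s.settimeout(timeout)
            try:
                data = s.recv(256)       # what actually answered on that port?
            except (socket.timeout, TimeoutError, OSError):
                data = b""
        return OPEN, data
    finally:
        s.close()


def connect_scan(host: str, ports: Iterable[int], **kw) -> Dict[int, str]:
    """Connect-scan a list of ports; returns {port: state}."""
    return {p: probe_connect(host, p, **kw)[0] for p in ports}


def start_listener(greeting: bytes = b"") -> Tuple[socket.socket, int]:
    """Constructed test service on 127.0.0.1: accept, send greeting, close."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(5)

    def serve() -> None:
        while True:
            try:
                conn, _ = srv.accept()
            except OSError:              # listener closed
                return
            try:
                if greeting:
                    conn.sendall(greeting)
            finally:
                conn.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv, srv.getsockname()[1]


def free_port() -> int:
    """A loopback port nothing listens on (bound, then released): probe gets RST."""
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    s.bind(("127.0.0.1", 0))
    port = s.getsockname()[1]
    s.close()
    return port


if __name__ == "__main__":
    srv, open_port = start_listener(b"220 constructed test banner\r\n")
    closed_port = free_port()
    for port in (open_port, closed_port):
        state, banner_bytes = probe_connect("127.0.0.1", port, banner=True)
        print(f"{port}/tcp {state} {banner_bytes!r}")
    srv.close()
```

A port that a SYN scan calls filtered but a connect scan calls open means the full handshake completed from the scanner's point of view, so the banner returned by the open probe is the quickest way to learn which process or device is completing it.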
07-13-2016 07:31 PM
Any NAT configured?
I would try upgrading to a gold star software release if you aren't running one already. You may simply be running into an issue already resolved.
07-13-2016 07:42 PM
Hi,
Are you running Nmap from 'inside' or 'outside'?
Please post a sanitized config.