Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
6433
Views
0
Helpful
0
Replies

TCP Source Port Pass Firewall finding reported by qualys

parthibanj1
Level 1
Level 1

‎03-08-2017 11:27 PM - edited ‎03-12-2019 02:01 AM

Qualys reported a finding "TCP Source Port Pass Firewall" on 25 port against cisco asa firewall.Could you explain why this behavior implemented in ASA. Is this a false positive?

Vulnerability:
TCP Source Port Pass Firewall

THREAT:
Your firewall policy seems to let TCP packets with a specific source port pass through.

IMPACT:
Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that unauthorized users can use to bypass your firewall.

SOLUTION:
Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP SYN packets going to this port, regardless of the source port.

RESULTS:

The host responded 4 times to 4 TCP SYN probes sent to destination port 25 using source port 25. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.

 

13 people had this problem
Labels:
0 Helpful
0 Replies 0
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card