cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements

264
Views
0
Helpful
5
Replies
Highlighted
Participant

Running PortScan (from Outside) Shows Ports open on internal server

Hello

 

So for fun at random I do port-scans to monitor my server etc and on my email server The only process I run is email itself with 993 and 25 open and as well the only 2 ports in my ASA but when I run a scan it shows 80 and 443 open. As I said and verified the only 2 ports in the ASA are for 25 and 993 so I am unsure as to why. I can paste my config file later but for now maybe there is something common about this that I am missing. 

5 REPLIES 5
Highlighted
VIP Mentor

Re: Running PortScan (from Outside) Shows Ports open on internal server

what is the IP you used for port-scanning? outside interface of ASA? is the mail server has static NAT 1 to 1 configure? 

 

give us more information about the setup to understand.

 

Also, suggest you do the same scan from the internal network to mail server the same way you did from outside and compare the results.

 

BB
*** Rate All Helpful Responses ***
Highlighted
Hall of Fame Guru

Re: Running PortScan (from Outside) Shows Ports open on internal server

I am not clear whether the reported open ports are on the ASA or on the server. Perhaps the original poster can clarify? If on the ASA perhaps it is because those ports might be open to provide management access to the ASA.

HTH

Rick
Highlighted
Participant

Re: Running PortScan (from Outside) Shows Ports open on internal server

I apologize for the delay I had not received an email notification saying I had responses.

 

So I will show a picture of my server topology. I am running a Portscan from the outside (completely different network from be it my cell phone or at work) and scanning a static IP with a 1/1 NAT through my 5508-X which connects to my Email server which would be GE/03 with an Interface IP of 192.168.3.180 and the Server has the actual real static IP x.x.x.180 using 192.168.3.180 as the gateway. 

 

My Portscan from here at work right now shows 25, 80, 443 and 993 open but I can guarantee only 25 and 993 are open for in/out Email access. I am scanning the internal static ip, not the Gateway static IP of the router. 

When I get home if still needed I will gladly paste what my ASA says but I am also the one who configured it and never would I have had reason to open those 2 other ports. 

BasicToplogy.jpg

 

Highlighted
VIP Mentor

Re: Running PortScan (from Outside) Shows Ports open on internal server

As per your description, it should not show other than the port you allowed in ACL for Static NAT translation. ( Do you have ACL also after NAT - which is allowed only required ports ?)

 

As I have suggested, have you scanned internally against the server to confirm it only responding to the port you intended to respond?

 

honestly, we do scan for audit purpose, never come across this issue.

 

 

BB
*** Rate All Helpful Responses ***
Highlighted
Participant

Re: Running PortScan (from Outside) Shows Ports open on internal server

When I get home I will indeed verify what you ask, as well as test locally on the network.

As far as an ACL past the NAT, I do not as only 1 PC, A Linux Server, is connected but I suppose the idea would be an IPTABLES on the Linux Server, which I do not as I am using the ACL on the 5508 to control incoming. With that said, I can not imagine how that would matter especially when that Server does not and never does run an Http server.

I will get back. ty