Can anyone tell me what this is suppose to mean:
THREAT:
Your firewall policy seems to let TCP packets with a specific source port pass through.
IMPACT:
Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that
unauthorized users can use to bypass your firewall.
SOLUTION:
Make sure that all your filtering rules are correct and strict enough. If the firewall indends to deny TCP connections to a specific port, it should be
configured to block all TCP SYN packets going to this port, regardless of the source port.
RESULT:
The host responded 4 times to 4 TCP SYN probes sent to destination port 443 using source port 80. However, it did not respond at all to 4 TCP SYN
probes sent to the same destination port using a random source port.
The only access-lists I have for my public interface is:
access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx eq isakmp
access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx eq 4500
access-list outside_access_in permit tcp any host xxx.xxx.xxx.xxx eq 10000
access-list outside_access_in permit esp any host xxx.xxx.xxx.xxx
Or could this be on the concentrator end?