3005 Concentrator and TCP Port Pass Firewall

todd.kelly
Level 1

Can anyone tell me what this is supposed to mean:

THREAT:

Your firewall policy seems to let TCP packets with a specific source port pass through.

IMPACT:

Some types of requests can pass through the firewall. The port number listed in the results section of this vulnerability report is the source port that unauthorized users can use to bypass your firewall.

SOLUTION:

Make sure that all your filtering rules are correct and strict enough. If the firewall intends to deny TCP connections to a specific port, it should be configured to block all TCP SYN packets going to this port, regardless of the source port.

RESULT:

The host responded 4 times to 4 TCP SYN probes sent to destination port 443 using source port 80. However, it did not respond at all to 4 TCP SYN probes sent to the same destination port using a random source port.

The only access-lists I have for my public interface are:

access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx eq isakmp

access-list outside_access_in permit udp any host xxx.xxx.xxx.xxx eq 4500

access-list outside_access_in permit tcp any host xxx.xxx.xxx.xxx eq 10000

access-list outside_access_in permit esp any host xxx.xxx.xxx.xxx

Or could this be on the concentrator end?
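To make the scanner's RESULT pattern concrete, the following is an added example (not code from the original post, and not a Cisco tool). It models a stateless, first-match ACL with an implicit deny, then evaluates the two probe types the report describes (SYN to 443 from source port 80, and SYN to 443 from a random high source port) against three rule sets: the four rules listed in the post (with a constructed placeholder address standing in for xxx.xxx.xxx.xxx), the same rules plus a hypothetical permit keyed only on source port 80 (the rule class the THREAT text warns about; it is not in the poster's config), and that hypothetical rule with an `established`-style qualifier modelled simply as "does not match a bare SYN". The Packet and Rule classes, the `syn` flag and the probe source port 51234 are all assumptions made for the model.

```python
"""Stateless ACL model of the scanner finding (added example, not from the post)."""
from dataclasses import dataclass
from typing import Dict, List, Optional

PUBLIC_IP = "203.0.113.10"  # constructed placeholder for the post's xxx.xxx.xxx.xxx


@dataclass(frozen=True)
class Packet:
    proto: str                  # "tcp", "udp" or "esp"
    dst: str                    # destination address
    sport: Optional[int] = None
    dport: Optional[int] = None
    syn: bool = False           # True for a bare TCP SYN (connection request)


@dataclass(frozen=True)
class Rule:
    action: str                 # "permit" or "deny"
    proto: str
    dst: str                    # "any" or a single host address
    sport: Optional[int] = None # match on source port when set
    dport: Optional[int] = None # match on destination port when set
    established: bool = False   # modelled as: never matches a bare SYN

    def matches(self, p: Packet) -> bool:
        if self.proto != p.proto:
            return False
        if self.dst != "any" and self.dst != p.dst:
            return False
        if self.sport is not None and self.sport != p.sport:
            return False
        if self.dport is not None and self.dport != p.dport:
            return False
        if self.established and p.syn:
            return False
        return True


def evaluate(acl: List[Rule], p: Packet) -> str:
    """First matching rule wins; no match falls through to the implicit deny."""
    for rule in acl:
        if rule.matches(p):
            return rule.action
    return "deny"


# The four rules from the post (isakmp is UDP/500).
STRICT_ACL = [
    Rule("permit", "udp", PUBLIC_IP, dport=500),
    Rule("permit", "udp", PUBLIC_IP, dport=4500),
    Rule("permit", "tcp", PUBLIC_IP, dport=10000),
    Rule("permit", "esp", PUBLIC_IP),
]

# Hypothetical weak variant: a permit keyed on source port 80 alone, the
# pattern the scanner's THREAT text describes. Assumed for illustration only.
WEAK_ACL = STRICT_ACL + [Rule("permit", "tcp", PUBLIC_IP, sport=80)]

# Same hypothetical rule qualified so it no longer admits connection requests,
# which is what the SOLUTION text asks for (block SYN regardless of source port).
WEAK_ACL_ESTABLISHED = STRICT_ACL + [
    Rule("permit", "tcp", PUBLIC_IP, sport=80, established=True)
]


def scanner_probes() -> Dict[str, Packet]:
    """Constructed probes mirroring the RESULT section of the report."""
    return {
        "sport80_to_443": Packet("tcp", PUBLIC_IP, sport=80, dport=443, syn=True),
        "random_to_443": Packet("tcp", PUBLIC_IP, sport=51234, dport=443, syn=True),
    }


def compare(acl: List[Rule]) -> Dict[str, str]:
    """Decision for each probe under the given rule set."""
    return {name: evaluate(acl, pkt) for name, pkt in scanner_probes().items()}


if __name__ == "__main__":
    for label, acl in (("listed rules", STRICT_ACL),
                       ("plus source-port permit", WEAK_ACL),
                       ("plus established-only permit", WEAK_ACL_ESTABLISHED)):
        print(f"{label:30} {compare(acl)}")
```

Under this model the four listed rules deny both probes, so they alone cannot produce the "responds from source port 80, silent from a random port" split the scanner saw; only the hypothetical source-port permit reproduces it, and qualifying that rule with `established` removes the split while still letting return traffic (non-SYN segments from port 80) through.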
