This is a discussion on [fw-wiz] Query: NMAP SCAN of Priveleged Ports on a DLINK G624T - Firewalls ; Dear Firewall Guru's, My network is protected by a DLINK G624T broadband router (Budget constraints). Default policy is to DENY incoming, ACCEPT outgoing and I have firewall features to stop DoS and spoofing enabled on firewall. Note: in this email ...
Dear Firewall Guru's,
My network is protected by a DLINK G624T broadband router (Budget
constraints). Default policy is to DENY incoming, ACCEPT outgoing and I
have firewall features to stop DoS and spoofing enabled on firewall.
Note: in this email i refer also to Small Business Server as extra
information to my NMAP scan and possibly its role in running unwanted
Am I open to exploits? What does it mean to be "filtered"? See below for
SOHO DLINK-G624T ADSL (4-port router and firewall) ---> external SBS NIC
1 -----> internal SBS NIC 2 ------> two PC's
Note: no port forwarding from DLINK to SBS external IP set up for
external network access.
I ran an external nmap scan (from another network) on my networks public
static IP address for ports 0 to 1025 and the results where as follows:
nmap -sT -p 0-1025 -PT MYIPAddress
Interesting ports on MYIPAddress.ISPProviderDomain (MYIPAddress):
Not shown: 1014 closed ports
PORT STATE SERVICE
21/tcp filtered ftp
23/tcp filtered telnet
80/tcp filtered http
110/tcp filtered pop3
119/tcp filtered nntp
443/tcp filtered https
465/tcp filtered smtps
500/tcp filtered isakmp
501/tcp filtered stmf
873/tcp filtered rsync
993/tcp filtered imaps
995/tcp filtered pop3s
Nmap finished: 1 IP address (1 host up) scanned in 13.582 seconds
Am I open to exploits? What does it mean to be "filtered"? Are these
nmap guesses that certain ports may be used or open?
DLINK has firewall capabilities but i wonder if i can add to the
security of this by activating possibly an inbuilt firewall on the SBS
I do not run for example the insecure telnet or in fact any of these
nmap detected services publicly/remotely (nor internally that i am aware
of). I don't even use SBS as a mail server at the moment. Both client
PC's fetch email directly into thunderbird clients from the external web
and mail hosting provider.
SBS was given the 2 DNS ip addresses from broadband service provider.
SBS is not a DNS server, its more a relay i guess for client requests.
So I wonder does SBS standard edition by default run these services even
though they are not needed?
The DLINK G624T has a firewall policy of DENY all incoming and ACCEPT
all outgoing. Hence, I wonder does SBS say, i want to run services XYZ
and the the firewall says "ok, i'll open these ports as SBS is trusted
and is internal to the network"?
Note: that both PC clients also run Skype. Maybe i should not run Skype!
Any comments welcomed.
firewall-wizards mailing list