Port Scan shows all ports open??
  •  
sophos9

Hi

Just starting to audit the security of our servers. I ran several different port scans on it and every time it shows that all ports are open.

I have rules set up for

INCOMING HTTPS, VNC, IMAP and FTP.

NAT is OUTGOING HTTP, HTTPS, HTTP PROXY, FTP, SMTP, POP3 and any ICMP

Firewall Traffic is any

ICMP is from Firewall Host to Internet Ping only

I would expect a port scan only to reveal the INCOMING traffic rule and display the banners. The default rule to 'drop' traffic to any other ports not specified should give a scanner a closed port?? I run a 2nd tier IDS and that picks up nothing so KWF must be doing its job??!

How can I close the ports so they do respond report as being open to port scanners please.

Thanks in advance
  •  
sophos9

I'm pretty sure that I have configured everything but would like some assistance from someone please?!?

Unsolicited packets are dropped and no ICMP packets are responded to but still it makes me look like a target in a random scan. Is there any way to block all the ports apart from the ones that have needed services so a scan will show all ports stealthed or something??

Thanks in advance
  •  
bronco

Hi Sophos9,

Can you make a screen dump of the config/Traffic Policy? Do not forget to mask out your public IPs. Maybe we then spot the culprit :)

Rene.

[Updated on: Sun, 09 May 2004 02:33]

  •  
sophos9

Rene, Hi

I have attached a screen print of the traffic policy so hopefully you can help. I'm pretty sure everything is as it's supposed to be.

I'm on satellite broadband so that's what all the traffic rules are.

If you need more then please let me know??

Thanks in advance

http://forums.kerio.com/index.php?t=getfile&id=138



[Updated on: Mon, 10 May 2004 10:08]

  •  
sophos9

http://forums.kerio.com/index.php?t=getfile&id=139

  •  
bronco

Hi Sophos9,

I do not see anything wrong with your config. The only thing I found strange is that you are trying to do routing with Traffic Policies (the first white lines). But that is maybe because I do not fully understand Satellite Internet. Normally you have a config like this: internet device connecting to the fw machine on one nic and then another nic to the local network.

Did you try to do a portscan from the winroute machine or from another box? Try doing a portscan from the winroute machine to one of the following URLs: http://security.symantec.com or http://t1shopper.com/tools (it also has more useful tools and URLs to other sites).

If you still find that your ports are not running in stealth mode then you can try to simplify your Traffic Policy by running the wizard and adding things back one by one and in the meantime running the portscans. Do not forget to make a copy of the .cfg files in the winroute homedir.

Is there someone else that maybe sees a problem that we are overlooking?

I hope this helps you getting a bit closer to a solution.

Rene.