Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 2 replies
  • Subscribers 27 subscribers
  • Views 5151 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Common ports open on all public IPs, such as SSH and SMTP

RichardPhillips

Hi,

We have an upcoming penetration test as part of a certification, and I am just going through checking all is as it should be.

I have noticed that SMTP and SSH are open on all ports and respond.

I have created a reject rule, and have tried ip range i.e x.x.x.100-x.x.x.110 for both SMTP and SSH, but it then blocks ALL public IPs, not just the ones I have selected, and even if I do a single IP, it blocks the whole range.

I am really keen to reduce the number of IPs these services hang on.

Anyone else come across this?

Thanks,

Richard.



This thread was automatically locked due to age.
Parents
  • 0

    Hi Richard,

     

    you can open/close ports like ssh on SFOS in System -> Administration -> Device Access. I think the firewall rules are for traffic routed through the device whereas the settings in device access are for local services.

     

    Hope that helps.

     

    Cheers,

    Daniel

Reply
  • 0

    Hi Richard,

     

    you can open/close ports like ssh on SFOS in System -> Administration -> Device Access. I think the firewall rules are for traffic routed through the device whereas the settings in device access are for local services.

     

    Hope that helps.

     

    Cheers,

    Daniel

Children
  • 0 in reply to kofi

    Thanks Daniel, but I know that.

    Its the fact that SSH is open on all the public IPs. If I try to block 9 of the 10 public ips for SSH it does all 10.

    I want the port open, but just on a specific IP address. Its all about minimising exposure when it comes to the ip/port scan.