[ QUOTE ]
Both IP addresses had TCP ports 21 (FTP) and 80 (HTTP) open. However when a traditional port scan was run against the servers the results showed that both IP addresses were open on TCP ports 25 (SMTP), 110 (POP3), 113 (Auth) and 1723 (PPTP). On further investigation, probing each individual port, Context identified that these additional services were actually false positive results caused by some type of filtering being performed by a device in front of the Citywire servers. This device was also found to answer ICMP Echo and Timestamp requests on behalf of the IP addresses
[/ QUOTE ]
That's not unusual, I've seen scan reports before that show ASL as having open ports but not accessible, so the ports were not stealthed, just closed due to access controls on the packet filter.
However the next paragraph interested me the most:
[ QUOTE ]
Neither IP address was under the protection of a Stateful Inspection firewall, as specially crafted packets with the TCP ACK flag set were not dropped but elicited a TCP RST (Reset) packet from the servers themselves. This behaviour reduces the time it takes to perform a port scan and actually allowed Context to perform a complete scan on ports 1-65535. Although this approach in itself resulted in false positive results as described above
[/ QUOTE ]
Is this behaviour by design? Again, is it something that cropped up in Astaro's recent certification tests and is something that was fixed/patched in v5 before the certification was passed?
Or should I just stop worrying and get a good night's sleep?
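
An added example, not part of the original post or the quoted report: a simplified Python model of why an unsolicited ACK segment draws an RST through a stateless packet filter but gets no reply behind a connection-tracking one. The filter rules, addresses and all function and class names are assumptions made for illustration.

```python
from dataclasses import dataclass

SYN, RST, ACK = 0x02, 0x04, 0x10          # TCP flag bits
ALLOWED_PORTS = {21, 80}                  # ports the quoted report found genuinely open

@dataclass(frozen=True)
class Segment:
    src: str
    sport: int
    dst: str
    dport: int
    flags: int

def host_reply(seg, listening=ALLOWED_PORTS):
    """Server TCP stack with no matching connection (RFC 793 reset generation)."""
    if seg.flags & RST:
        return None                       # a reset is never answered
    if seg.flags & ACK:
        return "RST"                      # stray ACK: reset, whether or not the port listens
    if seg.flags & SYN:
        return "SYN-ACK" if seg.dport in listening else "RST"
    return None

def stateless_filter(seg):
    """Assumed ACL: new connections only to allowed ports; ACK bit treated as 'established'."""
    if seg.flags & ACK:
        return True
    return bool(seg.flags & SYN) and seg.dport in ALLOWED_PORTS

class StatefulFilter:
    """Simplified connection tracking: non-SYN segments must match a tracked flow."""
    def __init__(self):
        self.flows = set()

    def __call__(self, seg):
        key = (seg.src, seg.sport, seg.dst, seg.dport)
        if seg.flags == SYN:
            if seg.dport in ALLOWED_PORTS:
                self.flows.add(key)
                return True
            return False
        return key in self.flows          # unsolicited ACK has no flow: dropped

def observe(filter_fn, seg):
    """What the sender sees: the host's reply if the filter forwards, else silence."""
    return host_reply(seg) if filter_fn(seg) else None

# Constructed sample segments (documentation address ranges)
stray_ack = Segment("198.51.100.7", 40000, "192.0.2.10", 25, ACK)
syn_80 = Segment("198.51.100.7", 40001, "192.0.2.10", 80, SYN)
ack_80 = Segment("198.51.100.7", 40001, "192.0.2.10", 80, ACK)
```

In this model the RST comes back for the stray ACK regardless of whether port 25 is listening, which is why such a reply says something about the filter in front of the host and nothing about the service behind it.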
