This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Discovered open port

Scan is done from external source not from behind the Sophos UTM v.9.200011 box

I have been having this issue for a while now with UTM v.9.2 did fresh clean install everything left at default, did a scan same result Discovered open port, so applied filter rules configure it how i need it to be same result Discovered open port.

So I decided to setup a different Brand Firewall put it infront of the Sophos UTM v.9.200011 did a scan with default no open port discovered, so applied filter rules configure it how i need it to be same result no open port discovered.

When I remove the different brand firewall from infront of Sophos UTM v.9.200011 same result Discovered open port.

why do i see open ports.

scan result below for Sophos UTM v.9.200011

Starting Nmap 6.40 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2014-03-11

NSE: Loaded 110 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Ping Scan at 10:55

Scanning ***.***.***.XX [4 ports]

Completed Ping Scan at 10:55, 0.31s elapsed (1 total hosts)

Initiating Parallel DNS resolution of 1 host. at 10:55

Completed Parallel DNS resolution of 1 host. at 10:55, 0.19s elapsed

Initiating SYN Stealth Scan at 10:55

Scanning ip***.***.***.XX.0000.0000.000 (***.***.***.XX) [1000 ports]

Discovered open port 21/tcp on ***.***.***.XX

Discovered open port 80/tcp on ***.***.***.XX

Discovered open port 443/tcp on ***.***.***.XX

Discovered open port 8010/tcp on ***.***.***.XX

Discovered open port 8008/tcp on ***.***.***.XX

Completed SYN Stealth Scan at 10:55, 4.91s elapsed (1000 total ports)

Scan result below for Different Brand Firewall

Starting Nmap 6.40 ( Nmap - Free Security Scanner For Network Exploration & Security Audits. ) at 2014-03-11

NSE: Loaded 110 scripts for scanning.

NSE: Script Pre-scanning.

Initiating Parallel DNS resolution of 1 host. at 12:52

Completed Parallel DNS resolution of 1 host. at 12:52, 0.14s elapsed

Initiating SYN Stealth Scan at 12:52

Scanning ip***.***.***.XX.0000.0000.000 (***.***.***.XX) [1000 ports]

SYN Stealth Scan Timing: About 29.50% done; ETC: 12:54 (0:01:14 remaining)

SYN Stealth Scan Timing: About 59.00% done; ETC: 12:54 (0:00:42 remaining)

Completed SYN Stealth Scan at 12:54, 104.16s elapsed (1000 total ports)

This thread was automatically locked due to age.

Parents

0 BAlfson over 11 years ago

Knome, see #2 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065. You must use a DNAT to close those ports as they are opened automatically by the UTM. The only reason to do so would be because you have to pass a PCI scan done by someone that's not very skilled. Other than that, there's nothing "exposed" unless you have a serious configuration error.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 BAlfson over 11 years ago

Knome, see #2 in https://community.sophos.com/products/unified-threat-management/astaroorg/f/51/t/22065. You must use a DNAT to close those ports as they are opened automatically by the UTM. The only reason to do so would be because you have to pass a PCI scan done by someone that's not very skilled. Other than that, there's nothing "exposed" unless you have a serious configuration error.

Cheers - Bob
Cancel
Vote Up 0 Vote Down

Cancel

Children

No Data