Firewall Wizards mailing list archives
RE: Cisco PIX open ports on outside interface?
From: "Smith, Gary (SCOTAM)" <gary.smith () ScottishAmicable co uk>
Date: Mon, 11 Dec 2000 09:12:49 -0000
Fabio:

We do not have any web accelerator products installed. We have a proxy on the inside, a pix, and then a router on the outside, and that's it. I have tried to find out whether the PIX holds some sort of internal web caching but I can't find anything documented anywhere.

--Gary;

-----Original Message-----
From: Fabio Pietrosanti (naif) [mailto:fabio () telemail it]
Sent: Saturday, December 09, 2000 4:18 AM
To: Smith, Gary (SCOTAM)
Cc: 'firewall-wizards () nfr com'
Subject: Re: [fw-wiz] Cisco PIX open ports on outside interface?

depot/prod/ontap? isn't this network appliance, file server, or web accelerator?

naif

On Tue, 5 Dec 2000, Smith, Gary (SCOTAM) wrote:
All:

I have an acl on the outside interface of a pix that allows:

80 & 443 to a web server on the DMZ
25 to a mail server on the DMZ

and then has an explicit deny ip any any rule.

When a security company ran a strobe against the outside interface they claim that both Telnet and Cisco Secure Telnet were open on the outside interface (although they couldn't connect) and I have also verified that port 80 is open with the following returned after a get /

<!-- $ID: //depot/prod/ontap/Rbrutus/prod/netcache/errors/500.html#1 $ -->

I couldn't verify the telnet ports were open (though I don't know what they used to test, I used netcat), we do have remote administration enabled but I remember reading somewhere that this was only on the inside interface (though this might be version 4.x.x documentation).

Should any ports be open on the outside interface by default? Where is this documented?

Any and all help gratefully received.

--Gary;

**********************************************************************
Information contained herein is the sole responsibility of the Individual sending the message. No responsibility is admitted by Scottish Amicable for any loss or damage incurred through use of the email. In addition, no statement should be construed as giving investment advice within or outside the United Kingdom. An email reply to this address may be subject to interception or monitoring for operational reasons or for lawful business practices.
*********************************************************************

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Cisco PIX open ports on outside interface? Smith, Gary (SCOTAM) (Dec 08)
- Re: Cisco PIX open ports on outside interface? Fabio Pietrosanti (naif) (Dec 10)
- Re: Cisco PIX open ports on outside interface? istong (Dec 12)
- <Possible follow-ups>
- RE: Cisco PIX open ports on outside interface? Smith, Gary (SCOTAM) (Dec 12)