Cisco Support Community
Community Member

Weird port scan results to DMZ

First off, the DMZ is setup with virtual interfaces (PIX v7), and the scanning source is inside. The firewall allows anything IP from this scanner. If I scan most of the DMZ's, I get normal results, with all of the scans.

Using NMAP, If I scan one specific DMZ, I only get results with the SYN scan and TCP window scans, AND it says every port is open (what the firewall allows). Cisco support is not being helpful. Does anyone have any idea why this is? It's weird. Im trying to automate Nessus against the DMZ servers, and its giving too many false positives about open ports.

I have taken packet traces, and the only thing weird is that I am getting an ACK back for eveyr port, but they are Zero Window (TCP Window Scan brings back every port open).

CreatePlease to create content