[fw-wiz] Query: NMAP SCAN of Privileged Ports on a DLINK G624T

To: firewall-wizards@listserv.icsalabs.com
Subject: [fw-wiz] Query: NMAP SCAN of Privileged Ports on a DLINK G624T
From: william fitzgerald <wfitzgerald@tssg.org>
Date: Tue, 08 May 2007 13:19:31 +0100

Dear Firewall Gurus,

My network is protected by a DLINK G624T broadband router (budget 
constraints). Default policy is to DENY incoming, ACCEPT outgoing, and I 
have firewall features to stop DoS and spoofing enabled on the firewall.

Note: in this email I also refer to Small Business Server as extra 
information to my NMAP scan and possibly its role in running unwanted 
services.

QUESTION:
Am I open to exploits? What does it mean to be "filtered"? See below for 
details.

NETWORK TOPOLOGY:
+++++++++++++++

SOHO DLINK-G624T ADSL (4-port router and firewall) ---> external SBS NIC 1 -----> internal SBS NIC 2 ------> two PCs

Note: no port forwarding from DLINK to SBS external IP set up for 
external network access.

NMAP SCAN:
++++++
I ran an external nmap scan (from another network) on my network's public 
static IP address for ports 0 to 1025 and the results were as follows:
nmap -sT -p 0-1025 -PT MYIPAddress

Interesting ports on MYIPAddress.ISPProviderDomain (MYIPAddress):
Not shown: 1014 closed ports
PORT    STATE    SERVICE
21/tcp  filtered ftp
23/tcp  filtered telnet
80/tcp  filtered http
110/tcp filtered pop3
119/tcp filtered nntp
443/tcp filtered https
465/tcp filtered smtps
500/tcp filtered isakmp
501/tcp filtered stmf
873/tcp filtered rsync
993/tcp filtered imaps
995/tcp filtered pop3s
Nmap finished: 1 IP address (1 host up) scanned in 13.582 seconds

NMAP QUESTION:
Am I open to exploits? What does it mean to be "filtered"? Are these 
nmap guesses that certain ports may be used or open?

ASIDE:
DLINK has firewall capabilities but I wonder if I can add to the 
security of this by activating possibly an inbuilt firewall on the SBS 
standard server?

MY CONCERN:
++++++++++
I do not run, for example, the insecure telnet or in fact any of these 
nmap-detected services publicly/remotely (nor internally that I am aware 
of). I don't even use SBS as a mail server at the moment. Both client 
PCs fetch email directly into Thunderbird clients from the external web 
and mail hosting provider.

SBS was given the 2 DNS IP addresses from the broadband service provider. 
SBS is not a DNS server; it's more a relay, I guess, for client requests.

So I wonder does SBS standard edition by default run these services even 
though they are not needed?

The DLINK G624T has a firewall policy of DENY all incoming and ACCEPT 
all outgoing. Hence, I wonder does SBS say, "I want to run services XYZ", 
and the firewall says "ok, I'll open these ports as SBS is trusted 
and is internal to the network"?

Note that both PC clients also run Skype. Maybe I should not run Skype!

Any comments welcomed.

regards,
Will.
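
An added example, not part of the original message: a short Python parser that tallies the port states in the scan output posted above and checks the tally against the scanned range 0-1025. The function name `summarize` and its return shape are choices made for this example; the state descriptions in the comments follow the Nmap reference guide.

```python
import re
from collections import Counter

# Port table copied from the scan in the message above.
SCAN = """\
Not shown: 1014 closed ports
PORT    STATE    SERVICE
21/tcp  filtered ftp
23/tcp  filtered telnet
80/tcp  filtered http
110/tcp filtered pop3
119/tcp filtered nntp
443/tcp filtered https
465/tcp filtered smtps
500/tcp filtered isakmp
501/tcp filtered stmf
873/tcp filtered rsync
993/tcp filtered imaps
995/tcp filtered pop3s
"""

# Port states as the Nmap reference guide defines them:
#   open     - an application accepted the connection
#   closed   - the probe reached the host, but nothing is listening on the port
#   filtered - a packet filter kept the probe from reaching the port (no reply
#              or an ICMP error), so Nmap cannot tell open from closed
ROW = re.compile(r"^(\d+)/tcp\s+(\S+)\s+\S+")
NOT_SHOWN = re.compile(r"^Not shown: (\d+) (\S+) ports?")

def summarize(report, first_port, last_port):
    """Tally ports per state and check the tally against the scanned range."""
    counts, open_ports = Counter(), []
    for line in report.splitlines():
        if m := NOT_SHOWN.match(line):
            counts[m.group(2)] += int(m.group(1))
        elif m := ROW.match(line):
            counts[m.group(2)] += 1
            if m.group(2) == "open":
                open_ports.append(int(m.group(1)))
    scanned = last_port - first_port + 1
    return dict(counts), open_ports, scanned - sum(counts.values())

if __name__ == "__main__":
    counts, open_ports, unaccounted = summarize(SCAN, 0, 1025)  # -p 0-1025
    print(counts, "open:", open_ports or "none", "unaccounted:", unaccounted)
```

The 1014 closed and 12 filtered ports add up to all 1026 ports in the range 0-1025, so this scan reported no port in the open state.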