Security Audit cannot scan outside interface of PIX 501

xylax

MIS
Oct 14, 2005
31
US
Greetings,

My company has paid for a third-party Auditing company to audit the security of our remote locations, that mostly use PIX 501s. However, we are failing the audits due to the fact that they cannot scan the outside interface of the PIXs. I thought that was a good thing but apparently, they don't. Since their search is inconclusive, they fail us. Any thoughts on how to allow them to scan the outside interface?

I watched the terminal monitor at lvl7 and found that they were hitting the 65534 and 5678 ports. Since they didn't get an acknowledgement, the scan fails.

Here are my attempts:
1) service resetinbound
2) access-list scan_outside permit any any
access-list scan_outside in interface outside

Any thoughts on how to not filter these packets?

Shon
Network Administrator
 
Found that the Auditing company was scanning using the hostname, which is dynamic depending on the ISP. They are now scanning with the IP address we gave them and it works fine.

Shon
Network Administrator
 
We are questioning their ability to do what we want them to do for obvious reasons, as you see here.

Shon
Network Administrator
 