During a recent IP/PORT scan for an audit, we started to see port:21 (FTP
control) open on all public IPs at the company... even IPs not in use. We
have 1 FTP server up and running where it is publicly available. I have
double checked our rulebase and any connections to port:21 other than to
the FTP server should be dropped. In the SmartView Tracker program, it is
showing as being dropped. On the computer doing the scanning, it shows
"connected to xxx.xxx.xxx.xxx on port:21" but it does not get a
banner/login/etc. If you connect to the firewall (Nokia 350) using SSH and
run tcpdump on all interfaces, you can see the incoming packet on the
public interface, but nothing else. Nothing on the other Ethernet ports, no
other traffic coming from or going to the scanning IP. It appears it is
dropping it, but we are not sure why the scanning system would show a
connection. Any ideas? Thanks in advance,

Jerry
