It might be a problem with how the scanning tool determines if a port is 
"open".

For example, here's part of the nmap man page:
"UDP scans: This method is used to determine which UDP (User Datagram 
Protocol, RFC 768) ports are open on a host. The technique is to send 0 byte 
udp packets to each port on the target machine. If we receive an ICMP port 
unreachable message, then the port is closed. Otherwise we assume it is 
open."

If your Firewall policy is dropping smtp packets rather than rejecting them, 
"ICMP port unreachable" messages are not going to be sent, so nmap would 
report the port as "open".

Hope this helps.
-- DH
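As an added illustration (not part of DH's reply or anything from the Check Point list), here is a small Python model of the inference quoted above: a first-match rule table with accept/drop/reject actions, hosts that only answer ICMP port unreachable when nothing listens, and the scanner's "no ICMP means open" verdict. All addresses, rules and listeners are constructed for the example.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Set

# Constructed firewall actions; a simplified model, not Check Point's rule semantics.
ACCEPT, DROP, REJECT = "accept", "drop", "reject"


@dataclass(frozen=True)
class Rule:
    dst: Optional[str]   # None matches any destination
    port: Optional[int]  # None matches any port
    action: str


def firewall_action(rules: List[Rule], dst: str, port: int, default: str = ACCEPT) -> str:
    """First matching rule wins; fall through to the default action."""
    for r in rules:
        if r.dst in (None, dst) and r.port in (None, port):
            return r.action
    return default


def probe_response(rules: List[Rule], listeners: Dict[str, Set[int]],
                   dst: str, port: int) -> Optional[str]:
    """What the scanner sees after a 0-byte UDP probe to dst:port."""
    action = firewall_action(rules, dst, port)
    if action == REJECT:
        return "icmp-port-unreachable"   # firewall answers on the host's behalf
    if action == DROP:
        return None                      # silently discarded: no evidence at all
    # Accepted: the host itself replies only when nothing is bound to the port.
    return None if port in listeners.get(dst, set()) else "icmp-port-unreachable"


def nmap_udp_verdict(response: Optional[str]) -> str:
    """The inference from the quoted man page: no ICMP unreachable => 'open'."""
    return "closed" if response == "icmp-port-unreachable" else "open"


def scan(rules: List[Rule], listeners: Dict[str, Set[int]],
         hosts: List[str], port: int) -> Dict[str, str]:
    return {h: nmap_udp_verdict(probe_response(rules, listeners, h, port)) for h in hosts}


# Constructed scenario: three proxied addresses, only the first one runs a mail server.
HOSTS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]
LISTENERS = {"10.0.0.1": {25}}
DROP_RULE = [Rule("10.0.0.2", 25, DROP)]      # "not allow" implemented as drop
REJECT_RULE = [Rule("10.0.0.2", 25, REJECT)]  # same policy, but rejecting

if __name__ == "__main__":
    print("drop:  ", scan(DROP_RULE, LISTENERS, HOSTS, 25))
    print("reject:", scan(REJECT_RULE, LISTENERS, HOSTS, 25))
```

With the drop rule, the filtered address and the address that really listens produce identical evidence (silence), so both come back "open"; with the reject rule the filtered address is correctly reported closed.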



>From: Tom Sevy <[EMAIL PROTECTED]>
>To: "Check Point FW List (E-mail)"  
><[EMAIL PROTECTED]>
>Subject: [FW1] Rules cause services to be seen?
>Date: Tue, 1 Aug 2000 17:28:39 -0400
>
>
>I added a rule to filter out (not allow) inbound email to a specific
>address.
>
>Once I did this, and ran a port scan, smtp shows open on every IP address
>that the FW is proxying for.  Is there a fix for this?
>
>I saw the same thing when I tried to create a client-auth rule to allow
>outbound Telnet.  Telnet port showed up on a scan for every IP address that
>the FW is proxying.
>
>
>================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>================================================================================




