General discussion

Locked

Ports Scanning

By lwmccksg ·
I tried scanning the company A's router connected to ISP from internal network. Quite a number of ports open. But scan from internet (external), no ports open. But scan from internal network on the company A'S range of external IP addresses and detect 1 IP address with ports open which is similar to the result of the scan of the company A's router from internal network.

What could be the reason? There is no server attached to that particular ISP internet IP address.

This conversation is currently closed to new comments.

4 total posts (Page 1 of 1)  
| Thread display: Collapse - | Expand +

All Comments

Collapse -

by jmgarvin In reply to Ports Scanning

Wow...I'm VERY confused. I assume you are saying

1) You scanned your network from inside your network
2) You scanned your network from outside your network (like your home computer scanned your network)

If that is the case, then when you scan from inside your network you can get erronous results. You are probably seeing something that is open for your intranet, but not open to the internet...

Collapse -

by lwmccksg In reply to

Poster rated this answer.

Collapse -

by soliboy In reply to Ports Scanning

Do you work for a contractor or partner of Company A?

Perhaps whatever IP address you were using/hidden behind when you discovered the number of open ports is supposed to be permitted access where the other IPs are blocked by packet filters or a firewall.

Collapse -

by netsecsvc In reply to Ports Scanning

The router probably is using access-lists to block traffic to certain IP's, while allowing it to others -- much like a firewall. As for the one IP being open, well it is probably setup with a one-to-one static NAT mapping for an internal host. It sounds like the access-list should be blocking most of the ports to that static mapping, or the static mapping should be changed to use PAT instead of NAT so it only translates the necessary ports.

Of course all of this could be done through a firewall, but most firewalls sit INSIDE the router. It is very common to use access-lists on routers as well as NAT/PAT to publish servers.

Back to Security Forum
4 total posts (Page 1 of 1)  

Related Discussions

Related Forums