Results 1 to 5 of 5

Thread: Inconsistent SG Security Scan results

  1. #1
    Junior Member
    Join Date
    Feb 2017
    Posts
    2

    Inconsistent SG Security Scan results

    I put a 2nd router in a DMZ after the ISP provided router, and my household is now behind the 2nd router (using the firewall in the 2nd router). If I run the automated SG Security Scan that cycles through the ports, it shows hundreds of open TCP ports, but when I test several of the purported open TCP ports via scanning a single port at a time (type them in), they show up as filtered. What is the issue w/ this inconsistency in the results?

  2. #2
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,481
    Blog Entries
    6
    The firewall in the second router may have some type of DoS/scan protection that kicks in? Once you see the ports closed with individual scans, does a consecutive scan on the range of ports still show them as open?

  3. #3
    Junior Member
    Join Date
    Feb 2017
    Posts
    2
    Quote Originally Posted by Philip View Post
    The firewall in the second router may have some type of DoS/scan protection that kicks in? Once you see the ports closed with individual scans, does a consecutive scan on the range of ports still show them as open?
    Yes, 4/tcp is the first port shown in the consecutive scan, and if I specify 4 in the single port scan it is filtered, and then I do a consecutive scan again and 4 still shows open.

  4. #4
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,481
    Blog Entries
    6
    port 4/tcp shows filtered in both the single and range of ports when I try it on your IP.
    Are you scanning the same IP in both cases, i.e. are you behind some type of proxy?

    Can you please email (or PM) me a screenshot of the portscans that show open ports and equivalent single-port scan that does not? It will help me troubleshot if I can see a list of ports that are showing up differently, my email is philip [at] sg...net

  5. #5
    Administrator Philip's Avatar
    Join Date
    May 1999
    Location
    Jacksonville, Florida, United States
    Posts
    9,481
    Blog Entries
    6
    I just wanted to follow up.. After additional testing with mcfowl, we figured that the culprit was an Actiontec MI424WR gateway - scanning over 100 ports triggers some type of IDS/SYN flood protection that starts dropping packets at random. It happens with both TCP and SYN scans. The behavior only occurs when DMZ is enabled on the router.

Similar Threads

  1. Security scan
    By partsfreak in forum Network Security
    Replies: 0
    Last Post: 01-06-05, 03:49 PM
  2. Brain scan results
    By Blisster in forum General Discussion Board
    Replies: 13
    Last Post: 04-26-04, 09:58 AM
  3. SG Security Scan
    By BaLa in forum Network Security
    Replies: 12
    Last Post: 06-25-03, 02:50 PM
  4. LOL, any guesses as to these scan results?
    By Humboldt in forum General Discussion Board
    Replies: 13
    Last Post: 04-08-03, 08:00 PM
  5. Results from my UDP Scan
    By onetopdog in forum Network Security
    Replies: 3
    Last Post: 10-22-01, 11:03 AM

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •