• pfsense 1.2 Live RC1

    This may have been added to help elude attackers?

    I have noticed when doing a port scan a lot of ports are open. I know in earlier versions the WAN port was firewalled unless you specifically enable a port.

    21/tcp    open  ftp
    22/tcp    open  ssh
    23/tcp    open  telnet
    25/tcp    open  smtp
    40/tcp    open  unknown
    42/tcp    open  nameserver
    43/tcp    open  whois
    70/tcp    open  gopher
    79/tcp    closed finger
    80/tcp    open  http
    81/tcp    open  hosts2-ns
    82/tcp    open  xfer
    83/tcp    open  mit-ml-dev
    109/tcp  open  pop2
    110/tcp  open  pop3
    113/tcp  open  auth
    119/tcp  open  nntp
    389/tcp  open  ldap
    443/tcp  open  https
    554/tcp  open  rtsp
    709/tcp  open  entrustmanager
    829/tcp  open  unknown
    990/tcp  open  ftps
    1030/tcp  open  iad1
    1058/tcp  open  nim
    1059/tcp  open  nimreg
    1067/tcp  open  instl_boots
    1068/tcp  open  instl_bootc
    1076/tcp  open  sns_credit
    1080/tcp  open  socks
    1083/tcp  open  ansoft-lm-1
    1084/tcp  open  ansoft-lm-2
    1433/tcp  open  ms-sql-s
    1494/tcp  open  citrix-ica
    1723/tcp  open  pptp
    1755/tcp  open  wms
    3306/tcp  open  mysql
    3389/tcp  open  ms-term-serv
    5000/tcp  open  UPnP
    5800/tcp  open  vnc-http
    5900/tcp  open  vnc
    7070/tcp  open  realserver
    8000/tcp  open  http-alt
    8080/tcp  open  http-proxy
    8081/tcp  open  blackice-icecap
    8082/tcp  open  blackice-alerts
    8888/tcp  open  sun-answerbook
    9090/tcp  open  zeus-admin
    10082/tcp open  amandaidx
    10083/tcp open  amidxtape
    49400/tcp closed compaqdiag
    50000/tcp closed iiimsf
    50002/tcp closed iiimsf
    54320/tcp closed bo2k
    61439/tcp closed netprowler-manager
    61440/tcp closed netprowler-manager2
    61441/tcp closed netprowler-sensor
    65301/tcp closed pcanywhere

  • Have you enabled the firewall? Does it not bypass?

  • What tool are you scanning with?  What firewall rules have you enabled on the WAN?  And, as Matts said, did you disable the firewall?

  • Either you aren't scanning pfsense, or you opened a whole host including all ports to the world. That's the only way you could possibly see that large of a number of open ports. That looks like a typical Windows Server box with some odd stuff thrown in.

  • I am using nmap

    By default the WAN interface is firewalled, I did not disable it.

    Perhaps I am not connected to the right box as dyndns may not be working.