Forum Discussion

themyth_317517
May 19, 2017

Port 1720 open on F5 public virtual server

Hi guys, my virtual server is public to the Internet via F5 and I just opened ports http/80 and https/443, but when I try to telnet to port 1720 on the public IP of the virtual server, it connects [telnet IP 1720]. It's working, although I did not open port 1720 at all. Please explain why I can connect to port 1720. Thank you very much.

 

3 Replies

  • Tikka_Nagi_1315
    Historic F5 Account

    What are the results of?

     

    nmap -O

     

    and if you capture the Nmap scan in a tcpdump do you see the packets making it to bigip?

     

    tcpdump -i 0.0:nnn -w /var/tmp/port1720.pcap host and host

     

  • Hi,

     

    Which TMOS version do you have? Could you post your Virtual Servers configuration?

     

    Just out of curiosity, I did the test in different versions of TMOS without this abnormal behavior in BIG-IP.

     

    This is the behavior in my lab:

     

    telnet f5labs.test.lab 1720

     

    Connecting To f5labs.test.lab...Could not open connection to the host, on port 1720: Connect failed

     

    nmap -sT -p 1720 f5labs.test.lab

     

    Starting Nmap ... Nmap scan report for f5labs.test.lab ... Host is up.

     

    PORT STATE SERVICE

     

    1720/tcp filtered h323q931

     

  • Hi,

     

    Is there a Check Point firewall between the internet and the F5, and is port 1720 (H323) used in the rule base as a custom service?

     

    I have seen this kind of behavior with one of our customers. A telnet on port 1720 is accepted by the Check Point because Check Point wants to inspect the H323 traffic. Even if it is a custom service on the same port-number.

     

    If there is a NAT rule, it seems like the F5 is accepting the connection, but in fact it is the Check Point.

     

    Hope this helps.

     

    Martijn.
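
The replies above come down to one check: while the external telnet to port 1720 succeeds, does a capture taken on the BIG-IP show the SYN arriving and the BIG-IP itself sending the SYN-ACK? The following is an added example, not code from the thread or from F5; it classifies the text output of `tcpdump -nn -r <file>`. The function name, result labels and sample lines are constructed for illustration, and `vip` is assumed to be the virtual server address as it appears on the BIG-IP side of any NAT.

```python
import re

# Default text output of `tcpdump -nn` for TCP over IPv4.
LINE = re.compile(
    r"IP (\d+\.\d+\.\d+\.\d+)\.(\d+) > (\d+\.\d+\.\d+\.\d+)\.(\d+): Flags \[([^\]]+)\]"
)

def who_answered(capture_text, vip, port, client_connected):
    """Classify a BIG-IP-side capture taken while a client probed vip:port.

    client_connected: whether the external telnet/connect attempt succeeded.
    """
    syn_seen = synack_sent = False
    for line in capture_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue
        src, sport, dst, dport, flags = m.groups()
        if dst == vip and int(dport) == port and flags == "S":
            syn_seen = True        # the probe reached the BIG-IP
        elif src == vip and int(sport) == port and flags == "S.":
            synack_sent = True     # the BIG-IP itself completed the handshake
    if synack_sent:
        return "bigip-accepted"
    if client_connected:
        # The client got a handshake, yet the BIG-IP never sent a SYN-ACK:
        # a device in front of it answered.
        if syn_seen:
            return "upstream-answered-syn-forwarded"
        return "upstream-answered-syn-not-forwarded"
    return "bigip-did-not-accept" if syn_seen else "probe-never-arrived"

# Constructed sample captures (documentation addresses, not from the thread).
VIP = "198.51.100.5"
ONLY_HTTPS = """\
10:00:01.000001 IP 203.0.113.10.50001 > 198.51.100.5.443: Flags [S], seq 100, win 64240, length 0
10:00:01.000050 IP 198.51.100.5.443 > 203.0.113.10.50001: Flags [S.], seq 900, ack 101, win 4380, length 0
"""
SYN_ON_1720 = """\
10:00:02.000001 IP 203.0.113.10.50002 > 198.51.100.5.1720: Flags [S], seq 200, win 64240, length 0
10:00:02.000040 IP 198.51.100.5.1720 > 203.0.113.10.50002: Flags [S.], seq 950, ack 201, win 4380, length 0
"""

if __name__ == "__main__":
    print(who_answered(ONLY_HTTPS, VIP, 1720, client_connected=True))
    print(who_answered(SYN_ON_1720, VIP, 1720, client_connected=True))
```

A result of `upstream-answered-syn-not-forwarded` matches the situation Martijn describes, where the connection is accepted in front of the BIG-IP.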