SRX


Ask questions and share experiences about the SRX Series, vSRX, and cSRX.
  • 1.  SRX300 - FTP 21 open port

    Posted 12-09-2023 16:34

    Hi

    An Nmap scan shows me port 21 (ftp) open.

    I have deleted system services ftp and alg disable from the configuration.

    Why does services ftp work, and how do I disable it?



    ------------------------------
    Best regards
    Marek
    ------------------------------


  • 2.  RE: SRX300 - FTP 21 open port

    Posted 12-14-2023 19:29

    https://supportportal.juniper.net/s/article/SRX-NMAP-shows-SRX-is-opening-unused-ports?language=en_US



    ------------------------------
    Best regards
    Marek
    ------------------------------



  • 3.  RE: SRX300 - FTP 21 open port

     
    Posted 12-15-2023 02:54

    Hi Marek,

    by replying to yourself with this link are you confirming that this is caused in your scenario because screens are configured?

    Regards

    Ulf




  • 4.  RE: SRX300 - FTP 21 open port

    Posted 12-15-2023 08:00

    Hi Ulf

    Thanks for your reply ;)
    I hope that is the reason, any suggestions are very appreciated.



    ------------------------------
    Best regards
    Marek
    ------------------------------



  • 5.  RE: SRX300 - FTP 21 open port

     
    Posted 12-18-2023 03:19

    Hi,

    1. I'm doubtful the KB is applicable in your case as it has ftp enabled in the config whereas you have it disabled.
    2. Do you have screens configured for the zone (where the SRX interface resides) you're scanning?
    3. If so, could you momentarily turn these off to confirm?

    Regards

    Ulf




  • 6.  RE: SRX300 - FTP 21 open port

    Posted 12-18-2023 16:46
    Edited by Marek Sus 12-18-2023 16:52

    Hi,

    Yes, I have screens configured for the zone untrust public I'm scanning (among others: tcp syn-flood). 

    I did momentarily turn these off to confirm, and nmap still shows ftp port 21 open. I'm using nmap version 7.94.

    nmap -Pn <ip> (-Pn: Treat all hosts as online -- skip host discovery)

    I randomly tried a different IP address and it also showed that the FTP port was open. I don't know, but it looks like an nmap bug, and I noticed the same behavior when scanning from Windows or macOS.

    I have done this scan from another network.

    Could you recommend some scanning tool?



    ------------------------------
    Best regards
    Marek
    ------------------------------



  • 7.  RE: SRX300 - FTP 21 open port

     
    Posted 12-27-2023 05:56

    Hi,

    I just tested with nmap 7.9.4 too (before 7.80) and don't see this issue, so I don't think it's a problem with nmap, but something else in your local environment interferes with the scan/connections.

    Regards

    Ulf
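
One way to check whether a port 21 that a scan reports as open really speaks FTP: an FTP server sends a greeting reply (220, or 120/421) as soon as the connection is established, so a port that accepts the handshake and then stays silent is unlikely to be an FTP daemon on the target. This is an added example, not part of any post in this thread; the function name `classify_ftp_port`, the result labels and the loopback listener in the demo are constructed for illustration.

```python
import socket

# FTP greeting codes (RFC 959): 220 ready, 120 ready in n minutes, 421 unavailable
FTP_GREETINGS = ("220", "120", "421")

def classify_ftp_port(host, port=21, timeout=3.0):
    """Return 'closed', 'filtered', 'ftp-banner', 'open-no-banner' or 'open-other'."""
    try:
        sock = socket.create_connection((host, port), timeout=timeout)
    except ConnectionRefusedError:
        return "closed"              # a RST came back: nothing is listening
    except OSError:
        return "filtered"            # timeout or unreachable: no usable answer
    with sock:
        sock.settimeout(timeout)
        try:
            data = sock.recv(256)    # a real FTP server speaks first
        except OSError:
            return "open-no-banner"  # handshake completed, but no greeting arrived
    if not data:
        return "open-no-banner"      # peer closed without sending anything
    if data[:3].decode("ascii", "replace") in FTP_GREETINGS:
        return "ftp-banner"
    return "open-other"              # something answered, but not with an FTP reply

if __name__ == "__main__":
    import sys
    if len(sys.argv) > 1:
        # Usage: python check_ftp.py <ip> [<ip> ...]  (hosts you administer)
        for target in sys.argv[1:]:
            print(target, classify_ftp_port(target))
    else:
        # Constructed demo: a loopback listener that accepts the handshake and
        # stays silent, standing in for anything that answers on port 21
        # without being an FTP server.
        silent = socket.socket()
        silent.bind(("127.0.0.1", 0))
        silent.listen(1)
        port = silent.getsockname()[1]
        print("silent listener:", classify_ftp_port("127.0.0.1", port, timeout=1.0))
        silent.close()
```

Running it against the SRX address and against an address known to have no FTP service, from the same scanning host, shows whether both give the same result.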