Next: Firewall internals: active processes Up: Firewall audit for Ottawa Previous: Outbound port scan

Inbound port scan

A scan of all services (all TCP and UDP ports, 1 through 65535) was performed.

Connection attempts were made to the internal address of the firewall, to the external address of the firewall, and to a node on the inside of the network. Appropriate routes and simulated routers were set up so that the test traffic could originate from a wide variety of external nodes.

The OttawaSun internal network uses invalid (unregistered) class B address space internally, so attackers on the public Internet cannot route packets to the OttawaSun network unless they first compromise the Ascend router. That compromise was simulated for this test.

Only one port was found to respond on the internal address of the firewall: TCP port 25.

No other TCP or UDP traffic was found to pass through the firewall. This was verified by observing the network on both sides of the firewall at the same time, so that a probe which was silently dropped could be told apart from one that was forwarded and never answered.

TCP port 25 is the SMTP port, so this result is in keeping with the security policy.
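The following is an added illustration of the scan-and-compare step described above; it is not the audit's own tooling. It performs a TCP connect() scan and a UDP probe over a port range with the standard library only, then grades whatever answered against the written policy (inbound: only TCP 25 to the firewall's internal address). The loopback listeners in local_demo() are constructed stand-ins for the firewall so the script runs offline; the host, port window and policy set are the assumptions.

```python
"""Inbound scan helper: TCP connect scan, UDP probe, and a policy comparison.
Added example; stand-alone, unprivileged (no raw sockets)."""
import socket
import threading
from typing import Dict, Iterable, List, Set, Tuple

Service = Tuple[str, int]  # ("tcp" | "udp", port)

# Written policy for inbound traffic to the firewall's internal address:
# only SMTP is permitted. Anything else that answers is a finding.
POLICY_ALLOWED: Set[Service] = {("tcp", 25)}


def tcp_connect_scan(host: str, ports: Iterable[int], timeout: float = 0.5) -> List[int]:
    """Return the TCP ports on host that complete a three-way handshake."""
    found: List[int] = []
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
            except OSError:  # refused, timed out, or unreachable
                continue
            found.append(port)
    return found


def udp_probe(host: str, ports: Iterable[int], timeout: float = 0.5) -> Dict[int, str]:
    """Classify UDP ports. Connecting the UDP socket makes the kernel report an
    ICMP port-unreachable as ECONNREFUSED, the only definite 'closed' signal UDP
    gives. Silence is 'open|filtered' and must be resolved by watching the far
    side of the firewall, which is why the audit observed both sides."""
    verdict: Dict[int, str] = {}
    for port in ports:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
            s.settimeout(timeout)
            try:
                s.connect((host, port))
                s.send(b"\x00")
                s.recv(512)
                verdict[port] = "open"
            except ConnectionRefusedError:
                verdict[port] = "closed"
            except socket.timeout:
                verdict[port] = "open|filtered"
    return verdict


def compare_to_policy(observed: Set[Service],
                      allowed: Set[Service] = POLICY_ALLOWED) -> Dict[str, Set[Service]]:
    """Split what answered into policy-conformant and unexpected services."""
    return {
        "permitted": observed & allowed,
        "unexpected": observed - allowed,
        "permitted_but_silent": allowed - observed,
    }


def local_demo() -> Tuple[int, int, Dict[str, Set[Service]]]:
    """Stand up one TCP listener and one UDP echo responder on loopback
    (constructed stand-ins for firewall services), scan a small window of
    ports around them, and grade the result against POLICY_ALLOWED."""
    tcp_srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tcp_srv.bind(("127.0.0.1", 0))
    tcp_srv.listen(5)
    udp_srv = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    udp_srv.bind(("127.0.0.1", 0))
    tcp_port = tcp_srv.getsockname()[1]
    udp_port = udp_srv.getsockname()[1]

    def udp_echo() -> None:
        data, peer = udp_srv.recvfrom(512)
        udp_srv.sendto(data, peer)

    threading.Thread(target=udp_echo, daemon=True).start()

    observed: Set[Service] = set()
    window = range(tcp_port - 2, tcp_port + 3)
    observed |= {("tcp", p) for p in tcp_connect_scan("127.0.0.1", window)}
    observed |= {("udp", p) for p, v in udp_probe("127.0.0.1", [udp_port]).items() if v == "open"}
    tcp_srv.close()
    udp_srv.close()
    return tcp_port, udp_port, compare_to_policy(observed)


if __name__ == "__main__":
    print(local_demo())
```

Against a real target, replace local_demo()'s loopback listeners with the firewall's internal address and the full 1 to 65535 range, and run it once from each simulated external node; "permitted_but_silent" is as interesting as "unexpected", since a permitted service that does not answer from some origin indicates a routing or filtering asymmetry worth explaining.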

DNS queries to the firewall from outside were attempted, and the firewall's name server answers them. This is permitted by the security policy, but may not be what was intended: an attacker may be able to use the name server to make the firewall reveal internal IP addresses and host names. Whether this disclosure is possible can be determined from outside the firewall without connecting the firewall to a live private network.
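An added example of the check the paragraph above describes; it is not part of the audit. It builds a DNS query with the standard library, parses the answer (including name compression), and reports whether the server refused the external query, answered without exposing internal space, or leaked internal addresses. The audit does not name the unregistered class B ranges in use, so INTERNAL_NETS uses the RFC 1918 ranges as an assumed stand-in; the host name, server address and the two sample responses are constructed for the illustration, not captured traffic.

```python
"""DNS disclosure check: does the firewall's name server answer external
queries, and do the answers expose internal addresses? Added example."""
import ipaddress
import socket
import struct
from typing import Any, Dict, List, Tuple

# Assumed stand-in for the site's unregistered internal space (RFC 1918).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
RCODE_REFUSED = 5


def encode_name(name: str) -> bytes:
    """Wire-format a dotted host name as length-prefixed labels."""
    labels = name.rstrip(".").split(".")
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def build_query(name: str, qtype: int = 1, txid: int = 0x1234) -> bytes:
    """Standard recursive query (RD=1) for an A record."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", qtype, 1)


def read_name(msg: bytes, off: int) -> Tuple[str, int]:
    """Decode a possibly compressed name; return (name, offset after it)."""
    labels: List[str] = []
    end = -1
    while True:
        length = msg[off]
        if length & 0xC0 == 0xC0:  # compression pointer
            ptr = struct.unpack("!H", msg[off:off + 2])[0] & 0x3FFF
            if end < 0:
                end = off + 2
            off = ptr
            continue
        off += 1
        if length == 0:
            break
        labels.append(msg[off:off + length].decode("ascii"))
        off += length
    return ".".join(labels), (end if end >= 0 else off)


def parse_response(msg: bytes) -> Dict[str, Any]:
    """Parse header, skip the question section, and collect answer RRs.
    A records are rendered as dotted quads; other types stay as raw rdata."""
    txid, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        _, off = read_name(msg, off)
        off += 4  # qtype + qclass
    answers = []
    for _ in range(an):
        name, off = read_name(msg, off)
        rtype, _rclass, ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        rdata: Any = msg[off:off + rdlen]
        off += rdlen
        if rtype == 1 and rdlen == 4:
            rdata = str(ipaddress.IPv4Address(rdata))
        answers.append((name, rtype, ttl, rdata))
    return {"txid": txid, "rcode": flags & 0xF, "answers": answers}


def leaked_internal_records(parsed: Dict[str, Any]) -> List[Tuple[str, str]]:
    """A records whose address falls inside INTERNAL_NETS."""
    return [(name, ip) for name, rtype, _ttl, ip in parsed["answers"]
            if rtype == 1 and any(ipaddress.ip_address(ip) in n for n in INTERNAL_NETS)]


def assess(parsed: Dict[str, Any]) -> str:
    """'refused' is the outcome a firewall resolver should give outsiders."""
    if parsed["rcode"] == RCODE_REFUSED:
        return "refused"
    return "leak" if leaked_internal_records(parsed) else "clean"


def query_server(server: str, name: str, timeout: float = 2.0) -> Dict[str, Any]:
    """Live check over UDP/53 (not exercised offline)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(build_query(name), (server, 53))
        data, _ = s.recvfrom(4096)
    return parse_response(data)


def sample_leaking_response() -> bytes:
    """Constructed: the server answers an external query for a hypothetical
    internal host with 10.1.2.3, using a pointer (0xC00C) back to the qname."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)
    question = encode_name("mail.internal.example") + struct.pack("!HH", 1, 1)
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([10, 1, 2, 3])
    return hdr + question + answer


def sample_refused_response() -> bytes:
    """Constructed: same query, server replies RCODE=REFUSED with no answers."""
    hdr = struct.pack("!HHHHHH", 0x1234, 0x8185, 1, 0, 0, 0)
    return hdr + encode_name("mail.internal.example") + struct.pack("!HH", 1, 1)
```

Run query_server() from one of the simulated external nodes against the firewall's external address with an internal host name; a "clean" or "refused" result satisfies the intent behind the policy, while "leak" means the name server should be restricted to answering internal clients only, or split into an external view that carries no internal names.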


Michael C. Richardson
1998-11-15