I'm running an nmap scan of a /24 network across an MPLS network and receiving unexpected responses on "proxy" related ports.
The traffic flow is:
linux nmap -> FW1 -> MPLS ->FW2 -> 192.168.10.0 /24
i'm expecting no responses as all traffic is blocked on the FW2 firewall, but here is an example of what i'm receiving for every IP in the block:
Nmap scan report for 192.168.10.127
Host is up (0.0014s latency).
Not shown: 994 filtered ports
PORT STATE SERVICE
80/tcp open http
1720/tcp open h323q931
3128/tcp open squid-http
8000/tcp open http-alt
8001/tcp open vcom-tunnel
8080/tcp open http-proxy
There is not even a device at this IP - 192.168.10.127
We do not have a proxy server, we do not have proxy enabled on any of the gateways. When i look at the fw logs between the nmap client and the 192.168.10.0 network, i see traffic hit both firewalls, accepted at FW1, and dropped at FW2 - EXCEPT FOR THE PORTS LISTED ABOVE. For those ports, i only see the traffic accepted on FW1.
Any thoughts as to what is responding?
Thanks - all versions are r80.40 jhfa 118