Gaping Holes In 2008 Server Advanced Firewall

Port scan of 2008 Server, revealing gaping holes in the Advanced Firewall

I used Zenmap 5.00 to scan the public network interface on one of my 2008 Servers (pre-R2).

Here is the report from Zenmap revealing the gaping holes in the firewall:
(address changed to protect the innocent)
Windows 2008 (pre-R2), Domain Controller
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-01 06:00 Central Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 13:41
Scanning 207.46.197.32 [1 port]
Completed ARP Ping Scan at 13:41, 0.39s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 13:41
Completed Parallel DNS resolution of 1 host. at 13:41, 0.00s elapsed
Initiating SYN Stealth Scan at 13:41
Scanning 207.46.197.32 [65535 ports]
Discovered open port 53/tcp on 207.46.197.32
Discovered open port 135/tcp on 207.46.197.32
Discovered open port 3389/tcp on 207.46.197.32
Discovered open port 49154/tcp on 207.46.197.32
Discovered open port 3269/tcp on 207.46.197.32
Discovered open port 49158/tcp on 207.46.197.32
Discovered open port 464/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 15.02% done; ETC: 13:44 (0:02:55 remaining)
Discovered open port 10000/tcp on 207.46.197.32
Discovered open port 2179/tcp on 207.46.197.32
Discovered open port 636/tcp on 207.46.197.32
Discovered open port 88/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 40.46% done; ETC: 13:43 (0:01:30 remaining)
Discovered open port 49156/tcp on 207.46.197.32
Discovered open port 49212/tcp on 207.46.197.32
Discovered open port 49165/tcp on 207.46.197.32
Discovered open port 593/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 69.47% done; ETC: 13:43 (0:00:40 remaining)
Discovered open port 5357/tcp on 207.46.197.32
Discovered open port 3268/tcp on 207.46.197.32
Discovered open port 49157/tcp on 207.46.197.32
Discovered open port 389/tcp on 207.46.197.32
Completed SYN Stealth Scan at 13:43, 121.24s elapsed (65535 total ports)
Initiating Service scan at 13:43
Scanning 19 services on 207.46.197.32
Completed Service scan at 13:44, 43.79s elapsed (19 services on 1 host)
Initiating OS detection (try #1) against 207.46.197.32
NSE: Script scanning 207.46.197.32.
NSE: Starting runlevel 1 scan
Initiating NSE at 13:44
Completed NSE at 13:44, 4.03s elapsed
NSE: Script Scanning completed.
Host 207.46.197.32 is up (0.0041s latency).
Interesting ports on 207.46.197.32:
Not shown: 65516 filtered ports
PORT      STATE SERVICE       VERSION
53/tcp    open  domain        Microsoft DNS 6.0.6001
88/tcp    open  kerberos-sec  Microsoft Windows kerberos-sec
135/tcp   open  msrpc         Microsoft Windows RPC
389/tcp   open  ldap
464/tcp   open  kpasswd5?
593/tcp   open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
636/tcp   open  tcpwrapped
2179/tcp  open  unknown
3268/tcp  open  ldap
3269/tcp  open  tcpwrapped
3389/tcp  open  microsoft-rdp Microsoft Terminal Service
5357/tcp  open  http          Microsoft HTTPAPI httpd 2.0 (SSDP/UPnP)
|_ html-title: Service Unavailable
10000/tcp open  backupexec    Veritas Backup Exec 9.0
49154/tcp open  msrpc         Microsoft Windows RPC
49156/tcp open  msrpc         Microsoft Windows RPC
49157/tcp open  ncacn_http    Microsoft Windows RPC over HTTP 1.0
49158/tcp open  msrpc         Microsoft Windows RPC
49165/tcp open  msrpc         Microsoft Windows RPC
49212/tcp open  msrpc         Microsoft Windows RPC
MAC Address: 00:03:6D:1A:6F:2F (Runtop)
Warning: OSScan results may be unreliable because we could not find at least 1 open
 and 1 closed port
Device type: general purpose
Running: Microsoft Windows Vista|2008
OS details: Microsoft Windows Vista SP0 or SP1 or Server 2008 SP1
Uptime guess: 51.096 days (since Fri Jan 29 10:26:11 2010)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=254 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

Host script results:
|_ nbstat: ERROR: Name query failed: TIMEOUT

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results
 at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 175.22 seconds
           Raw packets sent: 131176 (5.774MB) | Rcvd: 116 (5440B)
----------------------------------------------------------------------------------
Windows 2008 R2, Stand-alone server
Starting Nmap 5.00 ( http://nmap.org ) at 2010-01-01 06:00 Central Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 06:20
Scanning 207.46.197.32 [1 port]
Completed ARP Ping Scan at 06:20, 0.27s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 06:20
Completed Parallel DNS resolution of 1 host. at 06:20, 0.00s elapsed
Initiating SYN Stealth Scan at 06:20
Scanning 207.46.197.32 [65535 ports]
Discovered open port 3389/tcp on 207.46.197.32
Discovered open port 139/tcp on 207.46.197.32
Discovered open port 135/tcp on 207.46.197.32
Discovered open port 49154/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 17.91% done; ETC: 06:23 (0:02:22 remaining)
SYN Stealth Scan Timing: About 43.89% done; ETC: 06:22 (0:01:18 remaining)
Discovered open port 2179/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 75.18% done; ETC: 06:22 (0:00:30 remaining)
Completed SYN Stealth Scan at 06:22, 111.36s elapsed (65535 total ports)
Initiating Service scan at 06:22
Scanning 5 services on 207.46.197.32
Completed Service scan at 06:22, 43.61s elapsed (5 services on 1 host)
Initiating OS detection (try #1) against 207.46.197.32
NSE: Script scanning 207.46.197.32.
NSE: Starting runlevel 1 scan
Initiating NSE at 06:22
Completed NSE at 06:22, 0.01s elapsed
NSE: Starting runlevel 2 scan
Initiating NSE at 06:22
Completed NSE at 06:23, 40.00s elapsed
NSE: Script Scanning completed.
Host 207.46.197.32 is up (0.00046s latency).
Interesting ports on 207.46.197.32:
Not shown: 65530 filtered ports
PORT      STATE SERVICE       VERSION
135/tcp   open  msrpc         Microsoft Windows RPC
139/tcp   open  netbios-ssn
2179/tcp  open  unknown
3389/tcp  open  ms-term-serv?
49154/tcp open  msrpc         Microsoft Windows RPC
MAC Address: 00:04:5A:79:08:81 (The Linksys Group)
Warning: OSScan results may be unreliable because we could not find at least 1 open
 and 1 closed port
Device type: general purpose
Running: Microsoft Windows Vista|2008
OS details: Microsoft Windows Vista or Windows Server 2008 SP1, Microsoft Windows Vista
 SP0 or SP1 or Server 2008 SP1
Uptime guess: 0.812 days (since Mon Mar 15 10:54:50 2010)
Network Distance: 1 hop
TCP Sequence Prediction: Difficulty=258 (Good luck!)
IP ID Sequence Generation: Incremental
Service Info: OS: Windows

Host script results:
|_ nbstat: ERROR: Couldn't find NetBIOS server name

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results
 at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 198.38 seconds
           Raw packets sent: 131189 (5.774MB) | Rcvd: 101 (4468B)
----------------------------------------------------------------------------------
After disabling all 'Public' allowed ports, Windows 2008 R2, Stand-alone server
(All enabled rules with Profile of 'All' were copied to Profile 'Public' and disabled)
Starting Nmap 5.00 ( http://nmap.org ) at 2010-03-22 18:22 Central Daylight Time
NSE: Loaded 30 scripts for scanning.
Initiating ARP Ping Scan at 18:22
Scanning 207.46.197.32 [1 port]
Completed ARP Ping Scan at 18:22, 0.22s elapsed (1 total hosts)
Initiating Parallel DNS resolution of 1 host. at 18:22
Completed Parallel DNS resolution of 1 host. at 18:22, 0.00s elapsed
Initiating SYN Stealth Scan at 18:22
Scanning 207.46.197.32 [65535 ports]
Discovered open port 3389/tcp on 207.46.197.32
SYN Stealth Scan Timing: About 18.16% done; ETC: 18:25 (0:02:20 remaining)
SYN Stealth Scan Timing: About 44.06% done; ETC: 18:24 (0:01:17 remaining)
SYN Stealth Scan Timing: About 74.12% done; ETC: 18:24 (0:00:32 remaining)
Completed SYN Stealth Scan at 18:24, 113.52s elapsed (65535 total ports)
Initiating Service scan at 18:24
Scanning 1 service on 207.46.197.32
Completed Service scan at 18:24, 0.95s elapsed (1 service on 1 host)
Initiating OS detection (try #1) against 207.46.197.32
Retrying OS detection (try #2) against 207.46.197.32
WARNING:  RST from 207.46.197.32 port 3389 -- is this port really open?
WARNING:  RST from 207.46.197.32 port 3389 -- is this port really open?
NSE: Script scanning 207.46.197.32.
NSE: Script Scanning completed.
WARNING:  RST from 207.46.197.32 port 3389 -- is this port really open?
WARNING:  RST from 207.46.197.32 port 3389 -- is this port really open?
Host 207.46.197.32 is up (0.0012s latency).
Interesting ports on 207.46.197.32:
Not shown: 65534 filtered ports
PORT     STATE SERVICE       VERSION
3389/tcp open  ms-term-serv?
MAC Address: 00:04:5A:79:08:81 (The Linksys Group)
Warning: OSScan results may be unreliable because we could not find at least 1 open
 and 1 closed port
Device type: firewall
Running (JUST GUESSING) : ZyXEL ZyNOS 3.X (85%)
Aggressive OS guesses: ZyXEL ZyWALL 2 or Prestige 660HW-61 ADSL router (ZyNOS 3.62) (85%)
No exact OS matches for host (test conditions non-ideal).
Network Distance: 1 hop

Read data files from: C:\Program Files\Nmap
OS and Service detection performed. Please report any incorrect results
 at http://nmap.org/submit/ .
Nmap done: 1 IP address (1 host up) scanned in 121.64 seconds
           Raw packets sent: 131232 (5.778MB) | Rcvd: 108 (4850B)
Copyright 1996-2021 Ohman Automation Corp. All rights reserved.