Results of a 3rd party scan

A 3rd party did a scan of our public domain and came back with these findings. Do you agree with the findings and what would be an appropriate response?

Note: A Web Application Firewall (WAF) does not do the things a firewall does. The focus of a WAF is on the applications themselves, to provide highly granular and customizable logic for protecting the web application and the data behind the scenes. A web application firewall helps protect web applications by filtering and monitoring HTTP traffic between a web application and the Internet. It typically protects the applications from attacks such as cross-site forgery, cross-site-scripting (XSS), file inclusion, and SQL injection, among others:
• Host: 52.189.66.201; Port: 443 open; Application: nginx ssl/http
• Host: 52.189.66.201; Port 80 open; Application: nginx http
• Host: 216.84.167.24; Port 443 open; Application: nginx ssl/http
• Host: 216.84.167.24; Port 80 open; Application: nginx http
• Host: 199.193.156.131; Port 443 open, version 2.4.18; Application: Apache httpd ssl/http
• Host: 199.193.156.131; Port 80 open, version 2.4.18; Application: Apache httpd http
• Host: 172.67.40.222; Port 80 open; Application: Cloudflare http proxy http
• Host: 172.67.40.222 80; Port 80 open; Application: Cloudflare http proxy http
• Host: 172.67.40.222; Port 443 open; Application: nginx ssl/http
• Host: 172.67.40.222; Port 2082 open; Application: Cloudflare http proxy http
• Host: 172.67.40.222; Port 2083 open; Application: nginx ssl/http
• Host: 172.67.40.222; Port 2087 open; Application: nginx ssl/http
• Host: 172.67.40.222; Port 8443 open; Application: nginx ssl/http
• Host: 162.159.9.134; Port 53 open domain
• Host: 162.159.8.123; Port 53 open domain
• Host: 104.22.77.94; Port 80 open; Application: Cloudflare http proxy http
• Host: 104.22.77.94; Port 8080 open; Application: Cloudflare http proxy http
• Host: 104.22.77.94; Port 443 open; Application: nginx ssl/http
• Host: 104.22.77.94; Port 2082 open; Application: Cloudflare http proxy http
• Host: 104.22.77.94; Port 2083 open; Application: nginx ssl/http
• Host: 104.22.77.94; Port 2086 open; Application: Cloudflare http proxy http
• Host: 104.22.77.94; Port 2087 open; Application: nginx ssl/http
• Host: 104.22.77.94; Port 8443 open; Application: nginx ssl/http
• Host: 104.22.76.94; Port 80 open; Application: Cloudflare http proxy http
• Host: 104.22.76.94; Port 8080 open; Application: Cloudflare http proxy http
• Host: 104.22.76.94; Port 443 open; Application: nginx ssl/http
• Host: 104.22.76.94; Port 2082 open; Application: Cloudflare http proxy http
• Host: 104.22.76.94; Port 2083 open, Application: nginx ssl/http
• Host: 104.22.76.94; Port 2086 open, Application: Cloudflare http proxy http
• Host: 104.22.76.94; Port: 2087 open; Application: nginx ssl/http
• Host: 104.22.76.94 8443; Port: open; Application: nginx ssl/http

I am not sure what your question is. These ports are all default ports which Cloudflare supports and that is how the service works.

If you need to, you can block traffic on ports other than 80 and 443 for Pro, Business, and Enterprise domains via WAF rule id 100015: “Anomaly:Port - Non Standard Port (not 80 or 443)”.

Wouldn’t that only apply to a hostname port scan? It looks like they’re scanning the IP addresses for open ports.

The ports will always be reachable. The firewall may just not pass the request on, but the overall question is still not clear to me.
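
A triage sketch for scan findings in the format shown in this thread, added here as an example and not posted by any participant: it separates rows on Cloudflare edge addresses from rows on other hosts, and marks edge ports other than 80 and 443, the ones WAF rule 100015 is described as covering. The port set and the three IPv4 ranges are assumptions taken from Cloudflare's public documentation and should be re-verified; the function names are hypothetical.

```python
import ipaddress
import re
from collections import Counter

# Assumption: Cloudflare's documented proxy ports; re-check before relying on them.
CF_PORTS = {80, 8080, 8880, 2052, 2082, 2086, 2095,   # HTTP
            443, 2053, 2083, 2087, 2096, 8443}        # HTTPS
# Assumption: a subset of the IPv4 ranges published at https://www.cloudflare.com/ips/
CF_NETS = [ipaddress.ip_network(n) for n in
           ("104.16.0.0/13", "172.64.0.0/13", "162.158.0.0/15")]

# Accepts both "Port 443 open" and "Port: 443 open" as seen in the scan list.
FINDING = re.compile(r"Host:\s*([\d.]+).*?Port:?\s*(\d+)\s+open")

def triage(line):
    """Return (host, port, label) for one finding, or None if it cannot be parsed."""
    m = FINDING.search(line)
    if not m:
        return None
    try:
        host = ipaddress.ip_address(m.group(1))
    except ValueError:
        return None
    port = int(m.group(2))
    if not any(host in net for net in CF_NETS):
        return str(host), port, "not-cloudflare"      # judge this host on its own
    if port not in CF_PORTS:
        return str(host), port, "edge-other"          # e.g. DNS on port 53
    label = "edge-standard" if port in (80, 443) else "edge-nonstandard"
    return str(host), port, label

def summarize(lines):
    """Count findings per label; rows that do not parse are counted as 'unparsed'."""
    return Counter(r[2] if r else "unparsed" for r in map(triage, lines))

# Rows copied from the scan list in this thread, including one malformed row.
SAMPLE = [
    "Host: 104.22.77.94; Port 2082 open; Application: Cloudflare http proxy http",
    "Host: 172.67.40.222; Port 443 open; Application: nginx ssl/http",
    "Host: 162.159.9.134; Port 53 open domain",
    "Host: 199.193.156.131; Port 443 open, version 2.4.18; Application: Apache httpd ssl/http",
    "Host: 52.189.66.201; Port: 443 open; Application: nginx ssl/http",
    "Host: 104.22.76.94 8443; Port: open; Application: nginx ssl/http",
]

if __name__ == "__main__":
    for row in SAMPLE:
        print(triage(row) or ("unparsed", row))
    print(dict(summarize(SAMPLE)))
```

Rows labelled `not-cloudflare` are the ones whose server and version banners describe a host outside the listed ranges, so they are assessed separately from the edge rows.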