Cisco PIX Stealth Problem

Axman

I'm having some real problems getting my Cisco PIX 506e to stealth ports without blocking them. After about five hours going over manuals written in Ciscoese I figured I should just ask for help.

So how on earth do I begin stealthing ports?
 
Wild guess?
GRC.com online scanner talks about a port being stealthed if they don't receive a response from the scan.

Basically dropping the packet without giving a response.
 
Essentially, that's right; the firewall only allows solicited packets through to the SMTP connector; it generally denies ICMP packets directed to a, several, or all ports while still allowing traffic through. But I've got to be doing something wrong because if I make a "block ICMP on port 25" rule it stops all email.

Our mail server, because it's running IIS, is exposed to a small exploit that allows some spammers to use it as a relay. I haven't set up a port scan filter yet, but that's also on the chopping block.
 
Maybe posting your config (minus the IP details) would be a better route if you think it's a config error. Definitely easier to fix a config than replace the device.
 
ICMP is directed to an IP, but doesn't use port numbers; it's a layer 3 protocol. TCP/UDP port numbers are layer 4.
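The point in the last reply, as an added example that is not part of the original thread: a parser over two constructed packets shows which fields a filter can match on, and a first-match rule list drops anything unmatched without replying ("stealth"). The addresses, the rule format and the function names are assumptions for illustration; this does not model the PIX's stateful inspection.

```python
import struct

def ipv4(proto, payload, src="192.0.2.10", dst="198.51.100.25"):
    """Build a minimal 20-byte IPv4 header (checksum left at 0) plus payload."""
    addr = lambda a: bytes(int(x) for x in a.split("."))
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0,
                       64, proto, 0, addr(src), addr(dst)) + payload

# Constructed sample packets (documentation addresses, not captured traffic).
TCP_SYN_25 = ipv4(6, struct.pack("!HHIIBBHHH", 40000, 25, 1, 0, 0x50, 0x02, 8192, 0, 0))
ICMP_ECHO = ipv4(1, struct.pack("!BBHHH", 8, 0, 0, 1, 1))

def classify(packet):
    """Return the fields a packet filter can match on for this packet."""
    ihl = (packet[0] & 0x0F) * 4          # IP header length in bytes
    proto = packet[9]                     # IP protocol number
    l4 = packet[ihl:]
    if proto in (6, 17):                  # TCP and UDP both start with src/dst port
        sport, dport = struct.unpack("!HH", l4[:4])
        return {"proto": "tcp" if proto == 6 else "udp", "sport": sport, "dport": dport}
    if proto == 1:                        # ICMP carries type and code, no ports
        return {"proto": "icmp", "type": l4[0], "code": l4[1]}
    return {"proto": proto}

def decide(packet, rules):
    """First-match filter; unmatched packets are dropped with no reply sent."""
    fields = classify(packet)
    for action, match in rules:
        if all(fields.get(k) == v for k, v in match.items()):
            return action
    return "drop"

# Hypothetical rule sets: permit inbound SMTP only; an "ICMP on port 25" rule.
SMTP_ONLY = [("permit", {"proto": "tcp", "dport": 25})]
ICMP_PORT_25 = [("deny", {"proto": "icmp", "dport": 25})]

if __name__ == "__main__":
    for name, pkt in (("tcp syn :25", TCP_SYN_25), ("icmp echo", ICMP_ECHO)):
        print(name, classify(pkt), decide(pkt, SMTP_ONLY))
```

A rule written as ICMP plus a port never matches an ICMP packet, because the parsed packet has no port field to compare against.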
 