If we make the assumption that the server is in fact "behind" a firewall (assuming a HW Firewall here,) then how did a fast scan provide so much information?

i.e. does it appear the firewall is set up correctly? Or is the rule set simply too loose?

opinions?

.: Aftiel