Why not pop a Nessus box up on the outside of your network and then use the NMAP scan feature and see what you come up with. You can then compare the results against your "no risk" scan. If you want, I can assist you with this as I have many Nessus servers sitting on the open internet.



--TH13