Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: how nmap can know my firewalled servers ?

From: Nathaniel Hall <nathaniel.d.hall () gmail com>
Date: Wed, 12 Apr 2006 17:04:51 -0500
I am assuming you are using a DROP rule on your firewall.  NMAP knows
that if it does not receive a response for a TCP connection then it is
firewalled.  Dropping traffic at a firewall violates RFC and makes it
much easier to know when there is a firewall between the scanner and the
end host.  I recommend using REJECT

-A INPUT -j REJECT --reject-with icmp-host-unreachable

That will conform to RFC (I'm pretty sure) and will make it harder to
detect a firewall with NMAP.

Alexey Eremenko wrote:


Hi all !

I know that "nmap" can show open ports. But nmap also shows my
firewalled ports !
How?

Since some servers (like apache) are firewalled with iptables, how can
nmap know wherever
my system run the service with open port, filtered port or doesn't run
it at all ?
 


-- 
Nathaniel Hall, GSEC GCFW GCIA


-------------------------------------------------------------------------
This List Sponsored by: Webroot

Don't leave your confidential company and customer records un-protected. 
Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no 
obligation. See why so many companies trust Spy Sweeper Enterprise to 
eradicate spyware from their networks.
FREE 30-Day Trial of Spy Sweeper Enterprise

http://www.webroot.com/forms/enterprise_lead.php
--------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: