Security Basics mailing list archives
Re: how nmap can know my firewalled servers ?
From: Nathaniel Hall <nathaniel.d.hall () gmail com>
Date: Wed, 12 Apr 2006 17:04:51 -0500
I am assuming you are using a DROP rule on your firewall. NMAP knows that if it does not receive a response for a TCP connection then it is firewalled. Dropping traffic at a firewall violates RFC and makes it much easier to know when there is a firewall between the scanner and the end host.

I recommend using REJECT:

    -A INPUT -j REJECT --reject-with icmp-host-unreachable

That will conform to RFC (I'm pretty sure) and will make it harder to detect a firewall with NMAP.

Alexey Eremenko wrote:
Hi all! I know that "nmap" can show open ports. But nmap also shows my firewalled ports! How? Since some servers (like apache) are firewalled with iptables, how can nmap know whether my system runs the service with an open port, a filtered port, or doesn't run it at all?
-- Nathaniel Hall, GSEC GCFW GCIA
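Added example, not part of the original thread: a small model of how a catch-all iptables rule determines the reply to a TCP SYN, and which port state a SYN scan reports for that reply according to Nmap's documentation. It goes beyond the message by also covering --reject-with tcp-reset; the rulesets are constructed, only the options shown are parsed, and a default ACCEPT policy is assumed.

```python
import shlex

# iptables --reject-with name -> ICMP type 3 (destination unreachable) code
ICMP_CODE = {"icmp-host-unreachable": 1, "icmp-proto-unreachable": 2,
             "icmp-port-unreachable": 3, "icmp-net-prohibited": 9,
             "icmp-host-prohibited": 10, "icmp-admin-prohibited": 13}
# Type 3 codes the Nmap documentation lists as "filtered" for a SYN scan
NMAP_FILTERED_CODES = {1, 2, 3, 9, 10, 13}

def parse_rule(line):
    """Parse only the options used below: -p, --dport, -j, --reject-with."""
    tok = shlex.split(line)
    opt = {t: tok[i + 1] for i, t in enumerate(tok[:-1]) if t.startswith("-")}
    # iptables REJECT defaults to icmp-port-unreachable when no type is given
    return {"proto": opt.get("-p"), "dport": opt.get("--dport"), "target": opt["-j"],
            "reject": opt.get("--reject-with", "icmp-port-unreachable")}

def wire_response(rules, dport, listening):
    """Reply a TCP SYN to dport elicits; first matching rule wins (policy ACCEPT assumed)."""
    for r in map(parse_rule, rules):
        if r["proto"] not in (None, "tcp") or r["dport"] not in (None, str(dport)):
            continue
        if r["target"] == "DROP":
            return ("none", None)               # silence: the scanner times out
        if r["target"] == "REJECT" and r["reject"] == "tcp-reset":
            return ("rst", None)                # same reply a closed port sends
        if r["target"] == "REJECT":
            return ("icmp", ICMP_CODE[r["reject"]])
        if r["target"] == "ACCEPT":
            break                               # the SYN reaches the host's TCP stack
    return ("syn-ack", None) if listening else ("rst", None)

def nmap_syn_state(response):
    """Port state a SYN scan reports for that reply."""
    kind, code = response
    if kind == "none" or (kind == "icmp" and code in NMAP_FILTERED_CODES):
        return "filtered"
    return {"syn-ack": "open", "rst": "closed"}.get(kind, "unknown")

ALLOW_WEB = "-A INPUT -p tcp --dport 80 -j ACCEPT"
RULESETS = {  # constructed sample rulesets
    "drop": [ALLOW_WEB, "-A INPUT -j DROP"],
    "reject-icmp": [ALLOW_WEB, "-A INPUT -j REJECT --reject-with icmp-host-unreachable"],
    "reject-rst": [ALLOW_WEB, "-A INPUT -p tcp -j REJECT --reject-with tcp-reset"],
}

def report(dport, listening):
    """State reported for dport under each sample ruleset."""
    return {name: nmap_syn_state(wire_response(rules, dport, listening))
            for name, rules in RULESETS.items()}
```

Calling report(3306, True) gives the states for a listening service behind the catch-all rule under each ruleset; report(80, True) gives them for the allowed port.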