Security Basics mailing list archives
Re: Nmap, Firewall Testing, Idlescan?
From: Joachim Schipper <j.schipper () math uu nl>
Date: Thu, 3 Feb 2005 01:01:02 +0100
On Tue, Feb 01, 2005 at 02:52:57PM -0000, j_goodman00 () yahoo co uk wrote:
> Hi,
>
> I have a couple of routers at various sites which include firewalls & I would like to use nmap to test them. I have been experimenting with idlescans in an attempt to fool the firewall, but have been unsuccessful & am unsure if this is the firewall working, or me failing! :)
>
> I am attempting to 'bounce' the scans off another computer of mine on a different connection: e.g.
>
> MyIP is 1.2.3.1
> BounceIP is 1.2.4.1
> TargetIP is 1.2.5.1
>
> nmap -T5 -v -P0 -sI 1.2.4.1 1.2.5.1
>
> When I look at the firewall logs they show logs along the lines of the following:
>
> Source 1.2.3.1 Destination:1.2.5.1
>
> Does this mean the firewall is working & successfully filtering the spoofed IP packets, or am I doing something wrong?
>
> Cheers,
> James

Dear James,

You are doing something wrong. Check that you're not behind 1.2.5.1, or something. (The above command line works for me, using nmap 3.75, and manages to fool the logs as expected.)

It's hard to tell whether or not the firewall works - look at nmap's output for that! However, it shouldn't be able to find out your IP. Otherwise, please tell me what firewall this is, for I'd dearly love to have one! Nmap's idlescan plain scares me. (Of course, it seems to be easier just to hack a vulnerable host somewhere, and scan from that.)

Joachim