Nmap Announce mailing list archives
nmap stealth FIN scan not detected by FW-1 V4.0?
From: "Olaf Selke" <Olaf.Selke () mediaWays net>
Date: Thu, 27 May 1999 12:39:27 +0200 (MET DST)
platform: FireWall-1 V4.0 Build 4037 VPN+DES, Solaris 2.6 nmap V2.12, Linux kernel 2.0.34 Today I did some nmap Stealth FIN scans (nmap -sF) against FireWall-1 V4.0 protected systems. The FIN scan uses a bare surprise FIN packet as the probe. foo@bar:/tmp > nmap -sF -P0 -p1-100 193.189.XXX.YYY I was not able to get any logging from the firewall software when sending these probes to protected systems. Neither directly with 'fw log' nor in the exported logfile generated with 'fw logexport' I found any clue. The FIN packets are handled by the FW software correctly according the rule set, so the systems behind the firewall should be secure. Nevertheless, an intruder could scan protected networks without the risk to become detected. What went wrong? Am I missing something or does FW-1 V4.0 really not log surprise FIN packets? I would rather prefer the idea that I'm wrong ;-) Olaf -- Olaf Selke, olaf.selke () mediaways net, voice +49 5241 80-7069
Current thread:
- nmap stealth FIN scan not detected by FW-1 V4.0? Olaf Selke (May 27)
- <Possible follow-ups>
- nmap stealth FIN scan not detected by FW-1 V4.0? Frank W. Keeney (May 27)
- RE: nmap stealth FIN scan not detected by FW-1 V4.0? BIDOU Renaud (May 27)