Security Basics mailing list archives
Re: how nmap can know my firewalled servers ?
From: "Alice Bryson" <abryson () bytefocus com>
Date: Thu, 13 Apr 2006 09:26:21 +0800
Yes, i agree that. How about UDP, if an udp port firewalled, how does NMAP know it? 2006/4/13, Nathaniel Hall <nathaniel.d.hall () gmail com>:
I am assuming you are using a DROP rule on your firewall. NMAP knows that if it does not receive a response for a TCP connection then it is firewalled. Dropping traffic at a firewall violates RFC and makes it much easier to know when there is a firewall between the scanner and the end host. I recommend using REJECT -A INPUT -j REJECT --reject-with icmp-host-unreachable That will conform to RFC (I'm pretty sure) and will make it harder to detect a firewall with NMAP. Alexey Eremenko wrote:Hi all ! I know that "nmap" can show open ports. But nmap also shows my firewalled ports ! How? Since some servers (like apache) are firewalled with iptables, how can nmap know wherever my system run the service with open port, filtered port or doesn't run it at all ?-- Nathaniel Hall, GSEC GCFW GCIA ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
-- http://www.lwang.org lwang.org provides online base64 encode and decode, crc32 md5 and sha1 hashing, online ciphers, encryption and decryption. We are engaged in adding more common use lookup service. We collect spam for research at abryson () bytefocus com ------------------------------------------------------------------------- This List Sponsored by: Webroot Don't leave your confidential company and customer records un-protected. Try Webroot's Spy Sweeper Enterprise(TM) for 30 days for FREE with no obligation. See why so many companies trust Spy Sweeper Enterprise to eradicate spyware from their networks. FREE 30-Day Trial of Spy Sweeper Enterprise http://www.webroot.com/forms/enterprise_lead.php --------------------------------------------------------------------------
Current thread:
- how nmap can know my firewalled servers ? Alexey Eremenko (Apr 12)
- Re: how nmap can know my firewalled servers ? ilaiy (Apr 12)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 12)
- Re: how nmap can know my firewalled servers ? Harrison Holland (Apr 12)
- Re: how nmap can know my firewalled servers ? Nathaniel Hall (Apr 12)
- Re: how nmap can know my firewalled servers ? Alice Bryson (Apr 13)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 17)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Re: how nmap can know my firewalled servers ? Alice Bryson (Apr 13)
- Re: how nmap can know my firewalled servers ? Gregory Boyce (Apr 13)
- Re: how nmap can know my firewalled servers ? ilaiy (Apr 12)
- Re: how nmap can know my firewalled servers ? Alexey Eremenko (Apr 13)
- Re: how nmap can know my firewalled servers ? manu (Apr 13)
- Re: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 13)
- Re[2]: how nmap can know my firewalled servers ? Thierry Zoller (Apr 17)
- Re: Re[2]: how nmap can know my firewalled servers ? Arturas Zalenekas (Apr 17)
- Message not available
- Fwd: Re[2]: how nmap can know my firewalled servers ? John Bond (Apr 19)