Firewall Wizards mailing list archives
result question
From: rmck <rmckeever () earthlink net>
Date: Wed, 27 Aug 2003 14:57:42 -0700 (PDT)
Hello, I was wondering if somone could explain to me why the tool (nmap) gives the following results. Is it really getting through my firewalls?? I have a mysql (port 3306) machine that is behind two firewalls (both netscreens). I run nmap from home (3 scans), outside of all the firewalls, as so: First A: nmap -sT -P0 -p 3306 -T 3 111.111.111.111 Result A: Starting nmap V. 3.0 ( www.insecure.org/nmap ) Interesting ports on mach.com.com (111.111.111.111): Port State Service 3306/tcp filtered mysql Nmap run completed -- 1 IP address (1 host up) scanned in 38 seconds I feel I understand these results nmap labels a port as "filtered" if it does not receive either a SYN-ACK or a RST in response to a SYN packet. A ?????????sT scan sends a SYN. But these last two just get me.... B: nmap -sF -P0 -p 3306 -T 3 111.111.111.111 Result B: Starting nmap V. 3.0 ( www.insecure.org/nmap ) Interesting ports on mach.com.com (111.111.111.111): Port State Service 3306/tcp open mysql Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds Whats happening here?? Nothing shows in my firewall logs?? Is it really getting through? Or is it assuming its open because it gets no response?? C: nmap -sU -P0 -p 3306 -T 3 111.111.111.111 Result C: Starting nmap V. 3.0 ( www.insecure.org/nmap ) Interesting ports on mach.com.com (111.111.111.111): Port State Service 3306/udp open unknown Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds So reading on nmap pages I got this "UDP scanning (-sU) in NMAP has the same problem as FIN scans in that packet filtered ports will turn up as being open ports." So am I correct in thinking nmap is assuming a port is opened if no response is given. Or does nmap get through with out being logged?? Thank you for your time, and any input you can give me ... Ron _______________________________________________ firewall-wizards mailing list firewall-wizards () honor icsalabs com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
Current thread:
- result question rmck (Aug 28)
- Re: result question franco segna (Aug 28)
- <Possible follow-ups>
- RE: result question Whiteside, Larry [contractor] (Aug 28)
- RE: result question Mike Hoskins (Aug 28)