Nmap Development mailing list archives

Previous By Date Next
Previous By Thread Next

Re: help for port scanning on firewalls and routers

From: Matt <matt () use net>
Date: Tue, 16 Apr 2002 11:30:55 -0700 (PDT)
On Tue, 16 Apr 2002, Gerald Combs wrote:


On Tue, 16 Apr 2002, Joseph Taylor wrote:


I am planning to perform port scanning for routers and
firewalls security on my network.
My questions are about what benefits I will obtain by
running a port scanning tool (NMAP, ISS, etc..).

Will there be any difference in the results whether I
use this tool inside my network (from an internal IP)
or outside my network.



What's the aim of running this tool from internal
network?


Two main benefits are inventory and security analysis.  After running an
Nmap scan, people often find services (and entire machines) on their
network that they weren't aware of.  Internal scans can help you secure
your network from internal breakins (by employees) and from external
breakins (in case someone makes it through your firewall).



I'm not an IT/operations person, but I've used nmap for basic validation
of state table handling code in firewall/NAT/IDS/VPN applications and
devices. Doing some SYN/NULL/ACK/FIN scans through a firewall/NAT/VPN
device, both fragmented and non-fragmented can sometimes cause things like
a linksys NAT device to choke and die.

Another good tool for this kind of testing is isic, which I believe is
hsoted on packetfactory.net currently.

Sorry if this doesn't help you, I haven't really played much in this space
for a couple years. If you want to look at my old slides for hte testing
talk I did a few years ago, they're @
http://www.clock.org/~matt/thinks.html .

I'm currently working for a company that makes a "security QA" tool
(Cenzic, fka ClickToSecure), but it's a bit expensive and nmap + isic will validate what most people care
about.

Hope this helps!


--
http://www.clock.org/~matt


---------------------------------------------------------------------
For help using this (nmap-dev) mailing list, send a blank email to 
nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
Previous By Date Next
Previous By Thread Next

Current thread: