Nmap Development mailing list archives
RE: Nmap and Watchguard firewalls
From: "Kern, Tom" <tkern () CHARMER COM>
Date: Tue, 24 May 2005 14:29:32 -0400
I'm passing packets out. The watchguard doesn't do any egress deep packet analysis like that. Thanks Matthew Heine wrote:
OS detection depends on response to invalid packets. Some firewalls, and other network utilities do not pass invalid packets through. Therefore whatever response nmap gets is from the firewall. Kern, Tom wrote:I'm sorry, I don't think I'm being clear here. I want to know WHY nmap seems to fingerprint the firewall when i'm scanning any host outside the firewall? I'm not running any kind of proxy. I'd like to know why this happens. Besides, turning off the firewall for the duration of a scan seems risky to me... Jorge Luis Jimenez wrote:Proved with -sS why you can't disable the fw you are the administrator right? Jorge Luis Jimenez Tech and Network Support SIASoft Santo Domingo, Republica Dominicana Ofic.809-530-7638, Cel.809-304-1660 Fax.809-537-6603 Email j.jimenez () siasoft net Email jorgel.jimenez () gmail com -----Original Message----- From: Kern, Tom [mailto:tkern () CHARMER COM] Sent: Tuesday, May 24, 2005 1:33 PM To: Jorge Luis Jimenez Subject: RE: Nmap and Watchguard firewalls I want to know the techincal reason why when i do a scan with nmap from behind a Watchguard firewall, I don't get the host i'm scanning but the attrubutes of the firewall instead? Is this Watchguard or namp? Why is it happening? Thanks Jorge Luis Jimenez wrote:What is the really do yo want Jorge Luis Jimenez Tech and Network Support SIASoft Santo Domingo, Republica Dominicana Ofic.809-530-7638, Cel.809-304-1660 Fax.809-537-6603 Email j.jimenez () siasoft net Email jorgel.jimenez () gmail com -----Original Message----- From: Kern, Tom [mailto:tkern () CHARMER COM] Sent: Tuesday, May 24, 2005 11:44 AM To: Jorge Luis Jimenez Subject: RE: Nmap and Watchguard firewalls I can't disable my FW just to port scan a host. Do you or anyone knows why this occurs? thanks Jorge Luis Jimenez wrote:I have more less the same problem but I have isa Server I disable the isa Server and the nmap working show me my open port Jorge Luis Jimenez Tech and Network Support SIASoft Santo Domingo, Republica Dominicana Ofic.809-530-7638, Cel.809-304-1660 Fax.809-537-6603 Email j.jimenez () siasoft net Email jorgel.jimenez () gmail com -----Original Message----- From: Kern, Tom [mailto:tkern () CHARMER COM] Sent: Tuesday, May 24, 2005 11:31 AM To: Jorge Luis Jimenez Subject: RE: Nmap and Watchguard firewalls Sorry, I only speak english. My apologies Jorge Luis Jimenez wrote:Please contac me by j.jimenez () siasot net not by Hotmail.com if you speake spanish better Jorge Luis Jimenez Tech and Network Support SIASoft Santo Domingo, Republica Dominicana Ofic.809-530-7638, Cel.809-304-1660 Fax.809-537-6603 Email j.jimenez () siasoft net Email jorgel.jimenez () gmail com -----Original Message----- From: nmap-dev-bounces () insecure org [mailto:nmap-dev-bounces () insecure org] On Behalf Of Kern, Tom Sent: Tuesday, May 24, 2005 9:16 AM To: nmap-dev () insecure org Subject: Nmap and Watchguard firewalls Hi. I don't know if this is the appropriate place to send this email so i apologize in advance. I have an issue where i'm running an nmap scan against my interent router(cisco). This router sits in front of a Watchguard firebox X firewall. Whenever i run the scan, the fingerprint that I get back is the Watchguard itself. This happens when I run it against my home network(or any host outside the firewall). It always comes back as Watchguard. I run nmap with the -vv sS -O switches against the ip of the host. I've run nmap from a Windows xp sp1 box and a RedHat Enterprise Linux box. Same result. Also, the linux box is not NAT/PATed by the firewall or router. The router does no NAT. The firewall is running an smtp and dns proxy. All the other services are stateful packet inspection. Watchguard has been silent on the issue but it seems the firebox x is doing some rewriting but I can't tell for sure. When i run ethereal from the nmap host, i can see the packets going to the destination ok. However, at the router, when i run a packet filter, i see nothing going to the destination i'm nmaping or the source nmap host. I was wondering if you knew of any isses with nmap and Watchguard. I apologize again if this is the wrong place to email this or for wasting your time. Thank you _______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
_______________________________________________ Sent through the nmap-dev mailing list http://cgi.insecure.org/mailman/listinfo/nmap-dev
Current thread:
- Nmap and Watchguard firewalls Kern, Tom (May 24)
- Re: Nmap and Watchguard firewalls MadHat (May 24)
- <Possible follow-ups>
- RE: Nmap and Watchguard firewalls Kern, Tom (May 24)
- Re: Nmap and Watchguard firewalls Matthew Heine (May 24)
- RE: Nmap and Watchguard firewalls Kern, Tom (May 24)
- RE: Nmap and Watchguard firewalls Alex R (May 24)
- RE: Nmap and Watchguard firewalls check (May 24)
- RE: Nmap and Watchguard firewalls Kern, Tom (May 24)
- RE: Nmap and Watchguard firewalls Mike Crabtree (May 24)
- RE: Nmap and Watchguard firewalls Mike Crabtree (May 24)
- RE: Nmap and Watchguard firewalls Paul Hieb (Jun 02)