Nmap Development mailing list archives
NMAP question about mapping Firewall Rule Sets
From: "Kevin Melton" <kmelton1 () comcast net>
Date: Tue, 9 Jan 2007 18:18:44 -0500
Hello,

I have used NMAP for quite some time now, but I have a question that I have been attempting to have answered for a while with no success. I have created specific Rule sets for the 3 Firewalls used on a Customer site. I want to test the Firewall rule sets on each for accuracy. The NMAP documentation does discuss using a "-sA" option for testing Rule Sets, but I cannot seem to get it to produce results that are consistent with the known open ports on the Firewall. Can you take a moment and give your best recommendation for mapping a Firewall's Rule Set?

Also, I have some security ACLs on the routers which are facing the Internet and in front of my Firewalls. Will the IP ACLs on these have any impact on NMAP getting a clean look at my firewalls? It does not seem to have an impact, as when I am on the customer site, I put my scanner (nmap) directly behind the routers and in front of the Firewall. But the results are always the same.

P.S. The Firewalls in question are Cisco PIX firewalls.

Thank You.

Kevin P. Melton
President
KMNR Network Resources, Inc.
8009 Mike Mundie Lane
Mechanicsville, Virginia
804-789-0093
kevin () kmnr1 com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org