Nmap Development mailing list archives

NMAP question about mapping Firewall Rule Sets


From: "Kevin Melton" <kmelton1 () comcast net>
Date: Tue, 9 Jan 2007 18:18:44 -0500

Hello

I have used NMAP for quite some time now, but I have a question that I have
been attempting to have answered for a while with no success.

I have created specific Rule sets for the 3 Firewalls used on a Customer
site.  I want to test the Firewall rule sets on each for accuracy.

The NMAP documentation does discuss using a "-sA" option for testing Rule
Sets, but I cannot seem to get it to produce results that are consistent
with the known open ports on the Firewall.

Can you take a moment and give your best recommendation for mapping a
Firewall's Rule Set?

Also, I have some security ACLs on the routers which are facing the
Internet and in front of my Firewalls.  Will the IP ACLs on these have any
impact on NMAP getting a clean look at my firewalls??  It does not seem to
have an impact as when I am on the customer site, I put my scanner (nmap)
directly behind the routers and in front of the Firewall.  But the results
are always the same.

P.S.  The Firewalls in question are Cisco PIX firewalls.

Thank You.

Kevin P. Melton
President
KMNR Network Resources, Inc.
8009 Mike Mundie Lane
Mechanicsville, Virginia
804-789-0093
kevin () kmnr1 com

_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://SecLists.Org

