PaulDotCom mailing list archives

Firewall Audit


From: mike.patterson at unb.ca (Mike Patterson)
Date: Wed, 10 Jun 2009 09:39:50 -0400

Paul Asadoorian wrote on 6/10/09 8:21 AM:
Chris Bentley wrote:
Paul/Ron, any idea what type of scans I could run using nmap or nessus?
Also this would make a good technical segment for the show.

Great question!  See below for answers that are just off the top of my head:

1) nmap -sT -n -T4 -p1-65535 <targets behind the firewall>

Might as well go with -p0- at that point.  Who knows, you might pick up
something weird.  The SANS "are you ready for this course" quiz is
incorrect on this point...

That will take some time, but the connect() scan works better for
firewalls and causes them not to crash/fill up the state table.  Always scan
all ports, and you can also mess around with different source ports too.

-T4 may make your firewall go crazy too.  I was always loath to go
through our NS500s with that.

2) nmap -sU -n -T4 -p1-65535 <targets behind the firewall>

Don't forget UDP!

Or port 0!  :)

Mike
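
An added example, not part of the original thread: one way to turn the output of the TCP and UDP scans above (saved with nmap's grepable `-oG` format) into audit findings by comparing it with the rule set the firewall is meant to enforce. The sample scan output, the host address and the `POLICY` set are constructed for illustration.

```python
# Constructed nmap grepable (-oG) output for a TCP and a UDP pass; the host
# address and port states are sample data, not taken from the thread.
SAMPLE_OG = (
    "Host: 192.0.2.10 ()\tPorts: 0/open/tcp/////, 22/open/tcp//ssh///, "
    "443/open/tcp//https///, 8080/closed/tcp//http-proxy///\t"
    "Ignored State: filtered (65532)\n"
    "Host: 192.0.2.10 ()\tPorts: 53/open/udp//domain///, "
    "161/open|filtered/udp//snmp///\tIgnored State: closed (65534)\n"
)
# Hypothetical policy: (host, proto, port) tuples the firewall should pass.
H = "192.0.2.10"
POLICY = {(H, "tcp", 22), (H, "tcp", 25), (H, "tcp", 443), (H, "udp", 53)}

def parse_grepable(text):
    """Return {(host, proto, port): state} from the 'Ports:' fields."""
    seen = {}
    for line in text.splitlines():
        if not line.startswith("Host:"):
            continue  # skip '#' comment lines
        host = line.split()[1]
        for field in line.split("\t"):
            if field.startswith("Ports:"):
                for entry in field[len("Ports:"):].split(","):
                    port, state, proto = entry.strip().split("/")[:3]
                    seen[(host, proto, int(port))] = state
    return seen

def audit(seen, policy):
    """List differences between what the scan saw and what the policy allows."""
    findings = []
    for key, state in sorted(seen.items()):
        if key in policy:
            continue
        if state == "open":
            findings.append(("UNEXPECTED_OPEN", key))
        elif state == "closed":
            # A RST came back: the probe was passed, or the firewall rejects.
            findings.append(("NOT_DROPPED", key))
        elif state == "open|filtered":
            # No UDP reply: open and silently dropped look the same.
            findings.append(("AMBIGUOUS", key))
    for key in sorted(policy):
        if seen.get(key) != "open":
            findings.append(("ALLOWED_NOT_OPEN", key))
    return findings

if __name__ == "__main__":
    for kind, (host, proto, port) in audit(parse_grepable(SAMPLE_OG), POLICY):
        print(f"{kind:17} {host} {port}/{proto}")
```

The port 0 entry in the sample only shows up because the constructed scan covered `-p0-`; a `-p1-65535` run would never report it.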


