Date:      Thu, 07 Oct 2004 16:07:27 -0400
From:      Chuck Swiger <cswiger@mac.com>
To:        Norm Vilmer <norm@etherealconsulting.com>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: nmap'ing myself
Message-ID:  <4165A1FF.5080906@mac.com>
In-Reply-To: <416595F3.1030601@etherealconsulting.com>
References:  <416595F3.1030601@etherealconsulting.com>

Norm Vilmer wrote:
[ ... ]
> My question is: from a "well" configured firewall, "Should" I be able to 
> nmap the public interface using a console session on the firewall
> itself?

Sure.  nmap should return close to zero open ports.

> Will allowing this compromise security of the machine?

nmap doesn't compromise the security of your machine.  Having open ports 
connected to vulnerable services is the primary security risk.

> Basically, should I even attempt to make this work?

What is "this"?

> What's a good way to test your own firewall without driving down
> the road (and hacking into an unsecured linksys wireless router....
> just kidding)?

Put another machine on the subnet of your external interface, and do an nmap 
scan from there.  That represents what your ISP would see, or a bad guy who 
compromised the ISP possibly up through the DSL modem you have.

-- 
-Chuck
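
An added example, not part of the original message: one way to check the result of the outside-in scan described above is to save nmap's grepable output (-oG) and list every open port that is not on an allowlist. The function names, the allowlist format and the sample scan are constructed for illustration; 192.0.2.1 is a documentation address standing in for the firewall's external interface.

```shell
#!/bin/sh
# Capture, run from a second machine on the external subnet (assumed setup):
#   nmap -Pn -p- -oG scan.gnmap 192.0.2.1
# Audit:
#   unexpected_open "22/tcp" < scan.gnmap

# unexpected_open "<allowed port/proto, space separated>"
# Reads -oG output on stdin; prints "host port/proto" for each open port
# that is not in the allowlist. Closed and filtered ports are ignored.
unexpected_open() {
    awk -v allowed="$1" '
    BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    /^Host: / && /Ports: / {
        host = $2
        line = $0
        sub(/^.*Ports: /, "", line)   # keep only the port list
        sub(/\t.*$/, "", line)        # drop trailing tab-separated fields
        m = split(line, entries, ", ")
        for (i = 1; i <= m; i++) {
            split(entries[i], f, "/") # port/state/proto/owner/service/...
            key = f[1] "/" f[3]
            if (f[2] == "open" && !(key in ok))
                print host, key
        }
    }'
}

# Constructed sample of -oG output (not from a real scan).
sample_scan() {
    printf 'Host: 192.0.2.1 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.1 ()\tPorts: 22/open/tcp//ssh///, 111/open/tcp//rpcbind///, 443/filtered/tcp//https///\tIgnored State: closed (65532)\n'
}

# Only ssh is expected to be reachable from outside in this sample.
sample_scan | unexpected_open "22/tcp"
```

An empty result means the scan saw nothing open beyond what the allowlist expects.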


