From: Alex de Kruijff
To: Chris Howells
Cc: freebsd-questions@freebsd.org
Date: Fri, 08 Oct 2004 01:13:56 +0200
Subject: Re: nmap'ing myself
Message-id: <20041007231356.GB12508@alex.lan>
In-reply-to: <200410072322.42534.howells@kde.org>

On Thu, Oct 07, 2004 at 11:22:34PM +0100, Chris Howells wrote:
> On Thursday 07 October 2004 21:56, Norm Vilmer wrote:
> > Sorry about the ambiguity, I was referring to loosening my firewall rules
> > and other settings to allow nmap to work properly. If it "should" work,
>
> No. Why would you want to deliberately make it easy to make a port scan work?
>
> If you're a script kiddie, and randomly port scanning boxes, and one comes up
> with loads of wide open ports, and a few come up with either closed or
> "stealth" ports, which one do you think you're going to try and attack?

He means being able to do 'nmap localhost'. Yes, this should be possible. One
of your first rules must be 'allow ip from any to any via lo0'. Also have a
look at the port portsentry. Anyone who tries an nmap from the internet would
get denied full access.

> > then I have things either misconfigured or tightened down too much.
>
> Tighten down too much? What is that?

Not being able to do what you want (others to do).
ipfw add 1 deny ip from any to any. That is tightened down too much.

-- 
Alex

Please copy the original recipients, otherwise I may not read your reply.
WWW: http://www.kruijff.org/alex/FreeBSD/
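
The rule ordering described in the message above can be checked mechanically. The following is an added example, not part of the original message: a shell function that reads `ipfw list` output and reports whether the loopback allow rule comes before any blanket deny. The function name and both sample rulesets are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the order of loopback and blanket-deny rules.
# Reads `ipfw list`-style lines on stdin; returns 0 if ok, 1 if not.
check_lo0_order() {
    awk '
    # Rule that passes all traffic on the loopback interface.
    $2 == "allow" && $0 ~ / ip from any to any via lo0$/ {
        if (!deny) {
            print "ok: rule " $1 " allows lo0 before any blanket deny"
            found = 1
            exit
        }
    }
    # Blanket deny with no interface or address qualifier.
    $2 == "deny" && $0 ~ / ip from any to any$/ {
        if (!deny) deny = $1
    }
    END {
        if (found) exit 0
        if (deny)
            print "problem: rule " deny " denies everything before lo0 is allowed"
        else
            print "problem: no \"allow ip from any to any via lo0\" rule found"
        exit 1
    }'
}

# Constructed sample: loopback allowed first, spoofed 127/8 dropped after.
sample_good() { cat <<'EOF'
00100 allow ip from any to any via lo0
00200 deny ip from any to 127.0.0.0/8
00300 deny ip from 127.0.0.0/8 to any
65535 deny ip from any to any
EOF
}

# Constructed sample: the over-tightened case, with a deny-all as rule 1.
sample_tight() { cat <<'EOF'
00001 deny ip from any to any
00100 allow ip from any to any via lo0
65535 deny ip from any to any
EOF
}

sample_good | check_lo0_order
sample_tight | check_lo0_order || true
```

On a live host the same check runs as `ipfw list | check_lo0_order`.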