Date: Sat, 29 Mar 2003 13:18:24 -0500 (EST)
From: Dru <dlavigne6@cogeco.ca>
To: jason <jason@monsterjam.org>
Cc: questions@freebsd.org
Subject: Re: VERY annoying nmap problem. (solved)
Message-ID: <20030329121100.S17599@dhcp-17-14.kico2.on.cogeco.ca>
In-Reply-To: <20030329110554.L33825-100000@monsterjam.org>
References: <20030329110554.L33825-100000@monsterjam.org>
On Sat, 29 Mar 2003, jason wrote:

> yeah, I know the -sU is for UDP scans. I'm using ipfw. I'm 99.9% sure
> my firewall rules didn't change from version to version of nmap, but damn,
> you're right! scanning with my firewall disabled worked. Good catch. I
> guess I'll have to play with my ipfw rules now. Thanks.
> <snip>

Just don't play too much with your ruleset. Blocking incoming UDP is a
_good_ thing. If you want to test the behaviour of the machine in question,
it is better to use nmap from another host. That way you can see what the
world sees, and ensure that your firewall ruleset isn't leaking anything.

If you want to use the machine in question as your main scanner, you can
make a rule which allows _outgoing_ UDP to other hosts so you can run nmap.
If your security stance is more paranoid than that, make it a temporary rule
that you only use when running nmap.

On the other hand, if you only have one machine and just want to know which
UDP ports are open on it, "netstat -an" or "sockstat -46" are much better
options than nmap, which is designed for remote scanning. I'm sure you're
already aware of that, just mentioned it for the benefit of others who may be
following the thread.

Dru
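The two pieces of advice above, as an added example that is not part of the original thread: an ipfw fragment that keeps inbound UDP blocked while letting the host's own outgoing UDP (and the ICMP port-unreachable replies a UDP scan depends on) back in via a stateful rule, and a small parser that pulls the locally listening UDP ports out of `sockstat -46` output. The rule numbers and the sockstat sample are constructed assumptions.

```shell
#!/bin/sh
# Added example, not from the original mail. Rule numbers are arbitrary;
# slot them into your existing ipfw ruleset where they make sense.

# Emit the ipfw rules: replies to our own outgoing UDP come back through
# the dynamic rule created by keep-state, ICMP type 3 (port unreachable)
# is allowed so nmap -sU can distinguish closed from filtered ports, and
# every other inbound UDP packet is still denied.
gen_ipfw_udp_rules() {
    cat <<'EOF'
ipfw add 1000 check-state
ipfw add 1010 allow udp from me to any out keep-state
ipfw add 1020 allow icmp from any to me in icmptypes 3
ipfw add 1030 deny udp from any to me in
EOF
}

# Read "sockstat -46" style output on stdin and print the UDP ports this
# host listens on, one per line, numerically sorted and de-duplicated.
# The port is the text after the last ':' of the LOCAL ADDRESS column.
listening_udp_ports() {
    awk 'NR > 1 && $5 ~ /^udp/ { n = split($6, a, ":"); print a[n] }' \
        | sort -n | uniq
}

# Constructed sample in the FreeBSD sockstat -46 column layout.
SAMPLE_SOCKSTAT='USER     COMMAND    PID   FD PROTO  LOCAL ADDRESS         FOREIGN ADDRESS
root     syslogd    123   4  udp4   *:514                 *:*
root     ntpd       456   20 udp4   *:123                 *:*
root     ntpd       456   21 udp6   *:123                 *:*
root     sshd       789   4  tcp4   *:22                  *:*'

echo "# rules to add:"
gen_ipfw_udp_rules
echo "# UDP ports listening locally (from sample):"
printf '%s\n' "$SAMPLE_SOCKSTAT" | listening_udp_ports
```

Pipe real `sockstat -46` output into `listening_udp_ports` to get the local view; run nmap from a second host to get the outside view and compare the two lists.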