Date: Thu, 07 Oct 2004 16:07:27 -0400 From: Chuck Swiger <cswiger@mac.com> To: Norm Vilmer <norm@etherealconsulting.com> Cc: freebsd-questions@freebsd.org Subject: Re: nmap'ing myself Message-ID: <4165A1FF.5080906@mac.com> In-Reply-To: <416595F3.1030601@etherealconsulting.com> References: <416595F3.1030601@etherealconsulting.com>
next in thread | previous in thread | raw e-mail | index | archive | help
Norm Vilmer wrote: [ ... ] > My question is: from a "well" configured firewall, "Should" I be able to > nmap the public interface using a console session on the firewall > itself? Sure. nmap should return close to zero open ports. > Will allowing this compromising security of the machine? nmap doesn't compromise the security of your machine. Having open ports connected to vulnerable services is the primary security risk. > Basically, should I even attempt to make this work? What is "this"? > What's a good way to test your own firewall without driving down > the road (and hacking into an unsecured linksys wireless router.... > just kidding)? Put another machine on the subnet of your external interface, and do an nmap scan from there. That represents what your ISP would see, or a bad guy who compromised the ISP possibly up through the DSL modem you have. -- -Chuck
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?4165A1FF.5080906>