nmap'ing myself

Chuck Swiger cswiger at mac.com
Thu Oct 7 13:07:49 PDT 2004


Norm Vilmer wrote:
[ ... ]
> My question is: from a "well" configured firewall, "Should" I be able to 
> nmap the public interface using a console session on the firewall
> itself?

Sure.  nmap should return close to zero open ports.

> Will allowing this compromising security of the machine?

nmap doesn't compromise the security of your machine.  Having open ports 
connected to vulnerable services is the primary security risk.

> Basically, should I even attempt to make this work?

What is "this"?

> What's a good way to test your own firewall without driving down
> the road (and hacking into an unsecured linksys wireless router....
> just kidding)?

Put another machine on the subnet of your external interface, and do an nmap 
scan from there.  That represents what your ISP would see, or a bad guy who 
compromised the ISP possibly up through the DSL modem you have.

-- 
-Chuck



More information about the freebsd-questions mailing list