nmap'ing myself
Chuck Swiger
cswiger at mac.com
Thu Oct 7 13:07:49 PDT 2004
Norm Vilmer wrote:
[ ... ]
> My question is: from a "well" configured firewall, "Should" I be able to
> nmap the public interface using a console session on the firewall
> itself?
Sure. nmap should return close to zero open ports.
> Will allowing this compromising security of the machine?
nmap doesn't compromise the security of your machine. Having open ports
connected to vulnerable services is the primary security risk.
> Basically, should I even attempt to make this work?
What is "this"?
> What's a good way to test your own firewall without driving down
> the road (and hacking into an unsecured linksys wireless router....
> just kidding)?
Put another machine on the subnet of your external interface, and do an nmap
scan from there. That represents what your ISP would see, or a bad guy who
compromised the ISP possibly up through the DSL modem you have.
--
-Chuck
More information about the freebsd-questions
mailing list