VERY annoying nmap problem. (solved)

Dru dlavigne6 at
Sat Mar 29 10:14:44 PST 2003

On Sat, 29 Mar 2003, jason wrote:

> yeah, I know the -sU is for UDP scans. I'm using ipfw. I'm 99.9% sure
> my firewall rules didn't change from version to version of nmap, but damn,
> you're right! scanning with my firewall disabled worked. Good catch. I
> guess I'll have to play with my ipfw rules now. Thanks.

Just don't play too much with your ruleset. Blocking incoming UDP is a
_good_ thing. If you want to test the behaviour of the machine in
question, it is better to use nmap from another host. That way you can see
what the world sees, and ensure that your firewall ruleset isn't leaking
anything. If you want to use the machine in question as your main scanner,
you can make a rule which allows _outgoing_ UDP to other hosts so you can
run nmap. If your security stance is more paranoid than that, make it a
temporary rule that you only use when running nmap.

On the other hand, if you only have one machine and just want to know
which UDP ports are open on it, "netstat -an" or "sockstat -46" are much
better options than nmap, which is designed for remote scanning. I'm sure
you're already aware of that, just mentioned it for the benefit of others
who may be following the thread.
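The local check suggested above, worked as an added example that is not part of the original thread: a small shell helper that reads FreeBSD `netstat -an` output and lists the UDP sockets, separating loopback-only sockets from those bound to addresses the network can reach. The sample netstat output is constructed for the example; on a real host pipe `netstat -an` into the function instead.

```shell
#!/bin/sh
# Added example (not from the thread): enumerate local UDP sockets from
# FreeBSD "netstat -an" output instead of scanning the host with nmap -sU.
# Constructed sample of netstat -an output for offline use; on a live box:
#   netstat -an | udp_listeners
SAMPLE_NETSTAT='Active Internet connections (including servers)
Proto Recv-Q Send-Q Local Address          Foreign Address       (state)
tcp4       0      0 *.22                   *.*                   LISTEN
udp4       0      0 *.514                  *.*
udp4       0      0 127.0.0.1.123          *.*
udp6       0      0 *.514                  *.*
udp4       0      0 192.0.2.10.53          *.*'

# Read netstat -an lines on stdin, print "proto address port" for UDP sockets.
# FreeBSD joins address and port with a dot, so the port is the last dot field.
udp_listeners() {
    awk '$1 ~ /^udp/ {
        n = split($4, f, ".")
        port = f[n]
        addr = substr($4, 1, length($4) - length(port) - 1)
        print $1, addr, port
    }'
}

# Only sockets bound to a non-loopback address are reachable from the network;
# these are the ports a remote UDP scan would find if the firewall let UDP in.
# Prints the unique port numbers on one line, numerically sorted.
udp_exposed() {
    udp_listeners | awk '$2 != "127.0.0.1" && $2 != "::1" { print $3 }' \
        | sort -un | tr '\n' ' ' | sed 's/ $//'
}
```

Running `printf '%s\n' "$SAMPLE_NETSTAT" | udp_exposed` on the sample prints `53 514`; the NTP socket on 127.0.0.1 is listed by `udp_listeners` but excluded as loopback-only.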
