ipfw and nmap
Eric McCoy
emccoy at haystacks.org
Tue Mar 15 04:29:08 PST 2005
daniel quinn wrote:
> I've been experimenting with ipfw since moving some of my machines from Linux
> to FreeBSD, and I've run across an oddity wrt nmap and FreeBSD firewalls. It
> doesn't seem to work, and the activity isn't logged either.
>
> The firewall is working, though. ssh goes through, while other ports are being
> blocked (and logged). I've confirmed this with telnet. But nmap still comes
> up empty. I'd like to be able to do a proper port scan, but is this a feature
> of ipfw or a lack of a feature in nmap?
I am not entirely sure what problems you are seeing. It sounds like you
are saying that the firewall works properly, and nmap correctly
identifies open/closed/filtered ports, but you are getting nothing in
your ipfw log indicating that a scan is happening. Is that correct?
If so, the "problem" is that nmap has a variety of scans that are
designed not to be caught by firewall logs. If you try a TCP connect()
port scan (-sT, I think) it will show up in the firewall's logs.
If you want to catch all manner of port scans, you will have to use
something like Snort.
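An added example, not part of the original thread or of ipfw/nmap: the reply says a connect() scan does show up in the ipfw log, so the following small Python detector parses lines in the ipfw syslog format ("ipfw: <rule> <action> <proto> <src>:<sport> <dst>:<dport> <in|out> via <iface>") and flags any source address that was denied on many distinct TCP ports. The log lines are constructed for the example, the rule numbers and addresses are made up, and the threshold of 10 distinct ports is an assumption, not anything the thread states.

```python
import re
from collections import defaultdict

# ipfw syslog entry, e.g.
#   ipfw: 65000 Deny TCP 192.0.2.5:40000 198.51.100.7:21 in via em0
#   ipfw: 65000 Deny ICMP:8.0 192.0.2.9 198.51.100.7 in via em0
# ICMP entries carry type.code in the proto field and no ports, so the
# port groups are optional. IPv4 only, to keep the address/port split unambiguous.
IPFW_RE = re.compile(
    r"ipfw: (?P<rule>\d+) (?P<action>\w+) (?P<proto>\S+) "
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::(?P<sport>\d+))? "
    r"(?P<dst>\d+\.\d+\.\d+\.\d+)(?::(?P<dport>\d+))? "
    r"(?P<dir>in|out) via (?P<iface>\S+)"
)


def parse_ipfw_line(line):
    """Return the ipfw fields of one syslog line as a dict, or None if the
    line is not an ipfw entry (sshd, cron, etc.)."""
    m = IPFW_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["rule"] = int(rec["rule"])
    rec["sport"] = int(rec["sport"]) if rec["sport"] else None
    rec["dport"] = int(rec["dport"]) if rec["dport"] else None
    return rec


def find_port_scanners(lines, min_ports=10):
    """Map each source address to the sorted distinct TCP destination ports it
    was denied on, keeping only sources at or above min_ports (assumed threshold).
    Only Deny/TCP entries count: accepted traffic and UDP/ICMP are ignored here."""
    ports_by_src = defaultdict(set)
    for line in lines:
        rec = parse_ipfw_line(line)
        if rec is None or rec["action"] != "Deny" or rec["proto"] != "TCP":
            continue
        if rec["dport"] is None:
            continue
        ports_by_src[rec["src"]].add(rec["dport"])
    return {src: sorted(p) for src, p in ports_by_src.items() if len(p) >= min_ports}


# Constructed sample log (not from the thread). 192.0.2.5 runs a connect()-style
# scan against a dozen ports; the remaining entries are ordinary noise.
SCAN_PORTS = [21, 23, 25, 53, 80, 110, 111, 135, 139, 143, 443, 445]
SAMPLE_LOG = [
    "Mar 15 04:29:01 fw kernel: ipfw: 65000 Deny TCP 192.0.2.5:%d 198.51.100.7:%d in via em0"
    % (40000 + i, p)
    for i, p in enumerate(SCAN_PORTS)
] + [
    "Mar 15 04:29:02 fw kernel: ipfw: 100 Accept TCP 203.0.113.9:51000 198.51.100.7:22 in via em0",
    "Mar 15 04:29:03 fw kernel: ipfw: 65000 Deny UDP 192.0.2.9:1234 198.51.100.7:161 in via em0",
    "Mar 15 04:29:03 fw kernel: ipfw: 65000 Deny ICMP:8.0 192.0.2.9 198.51.100.7 in via em0",
    "Mar 15 04:29:04 fw sshd[1234]: Accepted publickey for dq from 203.0.113.9 port 51000 ssh2",
]

if __name__ == "__main__":
    for src, ports in find_port_scanners(SAMPLE_LOG).items():
        print("%s probed %d distinct ports: %s" % (src, len(ports), ports))
```

Run against /var/log/security (or wherever syslog sends ipfw messages) this catches the noisy connect() scan Eric describes; a scan type built to stay out of the deny log produces no such lines, which is exactly why the thread points at something like Snort for the general case.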