I have in my home box a iptables firewall configured via shorewall with the "standalone machine" standard configuration (no services whatsoever to the outside world). Just for good measure, I tryed portscanning from a computer at work: (my dynamic IP number edited) $ nmap -vv <IP number>
Starting nmap V. 3.00 ( www.insecure.org/nmap/ ) No tcp,udp, or ICMP scantype specified, assuming vanilla tcp connect( ) scan. Use -sP if you really don't want to portscan (and just want t o see what hosts are up). Machine <IP number> MIGHT actually be listening on probe port 80 Host <IP number> appears to be up ... good. Initiating Connect() Scan against <IP number> Adding open port 80/tcp Bumping up senddelay by 10000 (to 10000), due to excessive drops Bumping up senddelay by 20000 (to 30000), due to excessive drops Bumping up senddelay by 30000 (to 60000), due to excessive drops Bumping up senddelay by 40000 (to 100000), due to excessive drops Bumping up senddelay by 50000 (to 150000), due to excessive drops Bumping up senddelay by 60000 (to 210000), due to excessive drops Bumping up senddelay by 75000 (to 285000), due to excessive drops Bumping up senddelay by 75000 (to 360000), due to excessive drops Bumping up senddelay by 75000 (to 435000), due to excessive drops The Connect() Scan took 1038 seconds to scan 1601 ports. Interesting ports on (<IP number>): (The 1597 ports scanned but not shown below are in state: closed) Port State Service 6/tcp filtered unknown 25/tcp filtered smtp 80/tcp open http 135/tcp filtered loc-srv Nmap run completed -- 1 IP address (1 host up) scanned in 1038 second s The scanning from the home box itself gives a more reassuring outcome: $ nmap -vv localhost No tcp, udp, or ICMP scantype specified, assuming vanilla tcp connect() scan. Use -sP if you really don't want to portscan (and just want to see what hosts are up). Starting nmap 3.27 ( www.insecure.org/nmap/ ) at 2003-11-22 14:54 WET Host localhost (127.0.0.1) appears to be up ... good. Initiating Connect() Scan against localhost (127.0.0.1) at 14:54 Adding open port 10000/tcp Adding open port 6000/tcp The Connect() Scan took 0 seconds to scan 1623 ports. Interesting ports on localhost (127.0.0.1): (The 1621 ports scanned but not shown below are in state: closed) Port State Service 6000/tcp open X11 10000/tcp open snet-sensor-mgmt Nmap run completed -- 1 IP address (1 host up) scanned in 0.633 seconds Now, why should nmap at the remote machine report that port 80 is open? I assume that this happens because nmap is not supposed to be used when the target has a firewall. Can I be right? And, if so, how can I check whether the firewall is really working as expected? Thanks for any help, Jorge Almeida -- [EMAIL PROTECTED] mailing list
