[EMAIL PROTECTED] wrote:
Harry Putnam wrote:
[EMAIL PROTECTED] wrote:
Is there a way to detect programmatically whether the local host has
a firewall enabled?
nmap can return enough information to surmise that. It may even be
able to tell you straight out. I'm not that familiar with all its
switches.
Running nmap -v -P0 host will give you enough to make a good guess.
So maybe parsing nmap output can be done programmatically.
There is... in the August issue of SysAdmin, there was an article on
how to write a PERL frontend for NMAP... it was pretty cool and pretty
easy (for the simple stuff). The article name is "Vulnerability
Assessments with NMAP & Nessus".
I know the code you can find online, and maybe by now you can find the
article itself.
bryce
If you're familiar with Perl these modules should provide all the
functions you need: http://search.cpan.org/search?query=nmap&mode=all
To determine whether a host is firewalled or not, you'll probably want
to take a look at the "extraports", meaning ports that weren't
listening. Generally speaking, when a firewall is running, nmap finds
that these ports are "filtered", and when no firewall is in use, these
extraports are in state "closed."
If you're not into Perl, you can just grab the output of an Nmap scan in
your favorite programming language and look at whether the extra ports
are filtered or closed.
As a side note, you may want to make sure you're scanning the machine's
external IP address and not "localhost", as some software uses TCP ports
(bound only to the loopback address) for interprocess communication.
- John
--
[email protected] mailing list
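
Added example (not part of the original thread or of Nmap itself): one way to apply the "extraports" heuristic from the last reply in Python, reading Nmap's XML output (-oX) and comparing how many non-listening ports are "filtered" versus "closed". The sample XML, the function name firewall_guess and the verdict strings are constructed for illustration; the loopback flag reflects the side note about not scanning "localhost".

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample of Nmap XML output, trimmed to the elements used below.
SAMPLE_XML = """<?xml version="1.0"?>
<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22"><state state="open"/></port>
      <port protocol="tcp" portid="113"><state state="closed"/></port>
    </ports>
  </host>
  <host>
    <address addr="127.0.0.1" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="998"/>
      <port protocol="tcp" portid="631"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def firewall_guess(xml_text):
    """Return {address: (verdict, state_counts, is_loopback)} per scanned host."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        # Skip MAC entries; take the first IP address element.
        addr = next(a.get("addr") for a in host.findall("address")
                    if a.get("addrtype") != "mac")
        counts = Counter()
        for extra in host.iter("extraports"):   # summarised non-listening ports
            counts[extra.get("state")] += int(extra.get("count", "0"))
        for state in host.iter("state"):        # individually listed ports
            counts[state.get("state")] += 1
        filtered, closed = counts["filtered"], counts["closed"]
        if filtered > closed:
            verdict = "likely firewalled"
        elif closed > filtered:
            verdict = "likely not firewalled"
        else:
            verdict = "inconclusive"            # tie, or only open ports seen
        # A loopback target says little about what the network can reach.
        results[addr] = (verdict, counts, ipaddress.ip_address(addr).is_loopback)
    return results

if __name__ == "__main__":
    for addr, (verdict, counts, loopback) in firewall_guess(SAMPLE_XML).items():
        print(addr, verdict, dict(counts), "(loopback)" if loopback else "")
```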