I scan through firewalls all the time. I typically turn all port scanning off and just run the plugins. If theyve got any ports forwarded to applications, youll be able to test those boxes (atleast on the ports that are forwarded). I also regularly find problems or issues with their actual firewall such as old versions of SSh, unneeded services running, etc.
Happy scanning -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Behalf Of Erik Stephens Sent: Friday, July 25, 2003 10:24 AM To: Nessus People Subject: Re: Scan results On Fri, 25 Jul 2003, Michael Scheidell wrote: > Generally speaking, you should NOT scan through a firewall, or, as > in the case of a SOHO firewall, that SOHO firewall will block you > due to any number of conditions: I'm considering trying to scan through ones of those cheapo gateway/modem/dsl devices that has a DMZ option. The few scans that I've done SEEM to bring back accurate results. I guess I could diff reports between ones generated from the DMZ and ones with nothing in front of them, but I figure I'll take the easy way out and ask around first :) Has anyone else ventured down the same path? Thanks, Erik
