
Re: nmap little sense if run on yourself?



On Wed, Jul 03, 2002 at 02:49:08PM +0800, Dan Jacobson wrote:
| Is it true that nmap makes little sense if you run it to check the
| machine it is running on?

It makes little sense IF you want to see what some arbitrary host on
the outside network would see.

I have different rules for different interfaces (lo, eth0, eth1) and
each one also has some host-based exceptions.  For lo, everything is
allowed.  If I run 'nmap localhost' I'll get a list of every listening
service (including spamd, postgres and ldap) even though they are not
accessible from the outside world.  If I run nmap from some random
host on the internet (e.g. school) you'll only get ssh, smtp, and http
access (and ESTABLISHED and RELATED stuff, e.g. if I make a request out
or if I use IRC DCC which is all per-host anyways).  (actually, some
Nimda/CodeRed hosts won't get a darn thing)  If I run nmap from a
host on the LAN here, I'll get access to ldap and postgres in addition
to ssh, smtp and http.  If I run nmap on my external interface from
certain locally controlled hosts on the same subnet I'll get access to
some of those "extra" services as well.

With a ruleset like mine, there is no single location from which the
port scan can be done to get conclusive information.  Actually,
'iptables -L' and 'iptables -t nat -L' are the truly conclusive source
for that information.

-D

-- 

You have heard the saying that if you put a thousand monkeys in a room with a
thousand typewriters and waited long enough, eventually you would have a room
full of dead monkeys.
                                (Scott Adams - The Dilbert principle)
 
http://dman.ddts.net/~dman/

Attachment: pgpfv6yxVRz4m.pgp
Description: PGP signature


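As an added illustration (not from the original post or its author) of why the vantage point decides what a scan reports: a small Python model of the per-interface ruleset described above, with constructed addresses and an assumed set of listening services, that evaluates which services each scanning position would see. ESTABLISHED/RELATED handling is left out as a simplification.

```python
from ipaddress import ip_address, ip_network

# Services the host listens on (constructed to match the post; spamd's
# default port is 783, the rest are the usual assignments).
LISTENING = {"ssh": 22, "smtp": 25, "http": 80,
             "ldap": 389, "postgres": 5432, "spamd": 783}

# Simplified model of the ruleset: each ACCEPT rule is
# (interface, source network or None for any, allowed ports or None for all).
# Rules are tried in order; if none accepts, the chain policy is DROP.
# Interface names follow the post; addresses are constructed examples.
RULES = [
    ("lo",   None,                         None),                     # lo: everything allowed
    ("eth1", ip_network("192.168.1.0/24"), {22, 25, 80, 389, 5432}),  # LAN also gets ldap/postgres
    ("eth0", ip_network("203.0.113.7/32"), {22, 25, 80, 389, 5432}),  # trusted host on the external subnet
    ("eth0", None,                         {22, 25, 80}),             # the rest of the internet
]


def port_accepted(iface, src, port):
    """True if a SYN to `port` arriving on `iface` from `src` hits an ACCEPT rule."""
    for r_iface, r_net, r_ports in RULES:
        if r_iface != iface:
            continue
        if r_net is not None and src not in r_net:
            continue
        if r_ports is None or port in r_ports:
            return True
    return False  # fell through to the DROP policy


def visible_services(iface, src):
    """Service names a port scan from `src` on `iface` would show as open."""
    src = ip_address(src)
    return {name for name, port in LISTENING.items()
            if port_accepted(iface, src, port)}


def scan_views():
    """What 'nmap' would report from each vantage point the post describes."""
    return {
        "localhost":        visible_services("lo",   "127.0.0.1"),
        "LAN host":         visible_services("eth1", "192.168.1.20"),
        "trusted external": visible_services("eth0", "203.0.113.7"),
        "school":           visible_services("eth0", "198.51.100.9"),
    }


if __name__ == "__main__":
    for vantage, services in scan_views().items():
        print(f"{vantage:>17}: {sorted(services)}")
```

No single vantage reproduces the ruleset: localhost over-reports (spamd), the internet view under-reports (no ldap/postgres), so the rule dump remains the authoritative check.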