You could try using nmap with the -sA (ACK) scanning...this is good for mapping firewall rulesets to see what is being let in. You could also use -f (fragment) with -sS to send fragmented packets...this will show open ports unless most of the time too. But -sA is better since the firewall thinks it's a legitimate request and not a port scan.

On Mon, 14 Mar 2005 11:52:54 -0500, daniel quinn <[EMAIL PROTECTED]> wrote:
> i've been experimenting with ipfw since moving some of my machines from linux
> to freebsd and i've run across an oddity wrt nmap and freebsd firewalls. it
> doesn't seem to work and the activity isn't logged either.
>
> the firewall is working though. ssh goes through, while other ports are being
> blocked (and logged). i've confirmed this with telnet. but nmap still comes
> up empty. i'd like to be able to do a proper portscan, but is this a feature
> with ipfw or a lack of feature in nmap?
>
> for the purposes of this test, i've used a variation on the firewall supplied
> in the freebsd handbook:
>
> www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/firewalls-ipfw.html
>
> --
> ...he who in dealing with the empire loves his subjects as one should love
> one's body is the best person to whom one can commit the empire.
> - lau tzu, "tao te ching: chapter xiii"
> _______________________________________________
> freebsd-questions@freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to "[EMAIL PROTECTED]"
>

--
You've officially been Gmailed
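
An added example, not part of the original thread and not nmap or ipfw code: a toy Python model of why a bare-ACK probe maps a filter's rules (filtered/unfiltered) rather than open ports, and why a stateful ruleset drops and logs it. The `PacketFilter` class, the single allowed port 22 and the 192.0.2.10 source address are assumptions made for illustration.

```python
# Added example: a constructed toy model, not ipfw's or nmap's real code.
from dataclasses import dataclass, field

@dataclass
class PacketFilter:
    allowed_ports: frozenset      # ports with an "allow" rule (assumed: 22 only)
    stateful: bool                # True: track connections; False: pass any ACK
    states: set = field(default_factory=set)
    denied: list = field(default_factory=list)   # stands in for the deny log

    def passes(self, src, sport, dport, flags):
        """Return True if the packet reaches the host behind the filter."""
        conn = (src, sport, dport)
        if self.stateful:
            if conn in self.states:
                return True                       # part of a tracked connection
            if flags == {"SYN"} and dport in self.allowed_ports:
                self.states.add(conn)             # new connection: create state
                return True
        else:
            # Stateless "established" rule: any segment with ACK set is passed.
            if "ACK" in flags or (flags == {"SYN"} and dport in self.allowed_ports):
                return True
        self.denied.append((src, dport, tuple(sorted(flags))))
        return False

def ack_probe(fw, dport, src="192.0.2.10", sport=40000):
    """Classify one bare-ACK probe the way an ACK scan does.

    A host answers an unexpected ACK with RST whether the port is open or
    closed, so the only thing learned is whether the filter let it through.
    """
    return "unfiltered" if fw.passes(src, sport, dport, {"ACK"}) else "filtered"

def ack_sweep(fw, ports=(22, 23, 80)):
    """Probe several ports and return {port: classification}."""
    return {port: ack_probe(fw, port) for port in ports}

if __name__ == "__main__":
    stateless = PacketFilter(frozenset({22}), stateful=False)
    stateful = PacketFilter(frozenset({22}), stateful=True)
    print("stateless:", ack_sweep(stateless))
    print("stateful: ", ack_sweep(stateful))
    print("deny log entries (stateful):", len(stateful.denied))
```

In the stateful case every probe is dropped and recorded, including the one to the allowed port, because no SYN ever created state for it.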