Date:      Tue, 15 Mar 2005 07:29:03 -0500
From:      Eric McCoy <emccoy@haystacks.org>
To:        daniel quinn <freebsd@danielquinn.org>
Cc:        FreeBSD Questions <freebsd-questions@freebsd.org>
Subject:   Re: ipfw and nmap
Message-ID:  <4236D50F.5050307@haystacks.org>
In-Reply-To: <200503141152.55407.freebsd@danielquinn.org>
References:  <200503141152.55407.freebsd@danielquinn.org>

daniel quinn wrote:
> i've been experimenting with ipfw since moving some of my machines from linux 
> to freebsd and i've run across an oddity wrt nmap and freebsd firewalls.  it 
> doesn't seem to work and the activity isn't logged either.
> 
> the firewall is working though.  ssh goes through, while other ports are being 
> blocked (and logged).  i've confirmed this with telnet.  but nmap still comes 
> up empty.  i'd like to be able to do a proper portscan, but is this a feature 
> with ipfw or a lack of feature in nmap?

I am not entirely sure what problems you are seeing.  It sounds like you 
are saying that the firewall works properly, and nmap correctly 
identifies open/closed/filtered ports, but you are getting nothing in 
your ipfw log indicating that a scan is happening.  Is that correct?

If so, the "problem" is that nmap has a variety of scans which are 
designed not to be caught by firewall logs.  If you try a TCP connect() 
port scan (-sT I think) it will show up in the firewall's logs.

If you want to catch all manner of port scans, you will have to use 
something like Snort.
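Whatever does reach the ipfw log can still be mined for scan-like patterns; the following is an added example, not code from the thread or from FreeBSD, and it assumes the ipfw syslog line layout shown in the comment plus a constructed sample log.

```python
import re
from collections import defaultdict
from datetime import datetime

# Assumed ipfw(8) syslog layout for a rule carrying the "log" keyword:
# "<ts> <host> kernel: ipfw: <rule> Deny TCP <src>:<sport> <dst>:<dport> in via <iface>"
LOG_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d) \S+ kernel: ipfw: (?P<rule>\d+) "
    r"(?P<action>Deny|Accept) (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+) "
    r"(?P<dir>in|out) via (?P<iface>\S+)$"
)

def parse_line(line):
    """Parse one ipfw log line into a dict, or return None if it does not match."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # syslog timestamps carry no year; a fixed one is assumed so they compare.
    rec["ts"] = datetime.strptime("2005 " + rec["ts"], "%Y %b %d %H:%M:%S")
    return rec

def find_scanners(lines, min_ports=10, window_s=60):
    """Return {src: distinct_ports} for sources whose denied probes touched at
    least min_ports different destination ports inside any window_s window."""
    hits = defaultdict(list)  # src -> [(timestamp, dport)]
    for line in lines:
        rec = parse_line(line)
        if rec and rec["action"] == "Deny":
            hits[rec["src"]].append((rec["ts"], int(rec["dport"])))
    scanners = {}
    for src, events in hits.items():
        events.sort()
        start = 0
        for end in range(len(events)):          # sliding time window
            while (events[end][0] - events[start][0]).total_seconds() > window_s:
                start += 1
            ports = {p for _, p in events[start:end + 1]}
            if len(ports) >= min_ports:
                scanners[src] = max(scanners.get(src, 0), len(ports))
    return scanners

# Constructed sample: one host probes 12 ports within 12 seconds, a second
# host produces two unrelated denies a quarter of an hour apart.
SAMPLE = [
    f"Mar 15 07:29:{s:02d} fw kernel: ipfw: 65000 Deny TCP 192.0.2.10:4{p} 198.51.100.2:{p} in via em0"
    for s, p in enumerate(range(20, 32))
] + [
    "Mar 15 07:31:00 fw kernel: ipfw: 65000 Deny TCP 192.0.2.20:51000 198.51.100.2:25 in via em0",
    "Mar 15 07:45:00 fw kernel: ipfw: 65000 Deny TCP 192.0.2.20:51001 198.51.100.2:80 in via em0",
]
```

Only probes that hit a rule with `log` ever appear here, which is exactly the blind spot the reply describes; that is why a packet-level sensor such as Snort sees scan types a firewall log does not.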