Date:      Fri, 08 Oct 2004 01:13:56 +0200
From:      Alex de Kruijff <freebsd@akruijff.dds.nl>
To:        Chris Howells <howells@kde.org>
Cc:        freebsd-questions@freebsd.org
Subject:   Re: nmap'ing myself
Message-ID:  <20041007231356.GB12508@alex.lan>
In-Reply-To: <200410072322.42534.howells@kde.org>
References:  <416595F3.1030601@etherealconsulting.com> <4165A1FF.5080906@mac.com> <4165AD88.6030109@etherealconsulting.com> <200410072322.42534.howells@kde.org>

On Thu, Oct 07, 2004 at 11:22:34PM +0100, Chris Howells wrote:
> On Thursday 07 October 2004 21:56, Norm Vilmer wrote:
> > Sorry about the ambiguity, I was referring to loosening my firewall rules
> > and other settings to allow nmap to work properly. If it "should" work,
> 
> No. Why would you want to deliberately make it easy to make a port scan work?
> 
> If you're a script kiddie, and randomly port scanning boxes, and one comes up
> with loads of wide open ports, and a few come up with either closed or
> "stealth" ports, which one do you think you're going to try and attack?

He means being able to do 'nmap localhost'. Yes, this should be possible. One
of your first rules must be 'allow ip from any to any via lo0'.

Also have a look at the port portsentry. Anyone who tries an nmap from
the internet would get denied full access.

> > then I have things either misconfigured or tightened down too much.
> 
> Tighten down too much? What is that?

Not being able to do what you want (other to do). 

'ipfw add 1 deny ip from any to any'. That is tightened down too much.

-- 
Alex

Please copy the original recipients, otherwise I may not read your reply.
WWW: http://www.kruijff.org/alex/FreeBSD/
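
The rule-ordering point in this message, as an added example that is not part of the original e-mail: a minimal first-match evaluator showing why a blanket deny at rule 1 breaks 'nmap localhost' and why the lo0 allow has to come before it. The rule numbers 100 and 65000, the interface name em0 and both rule lists are constructed; only the rule shape quoted in the thread is parsed.

```python
import re

# Handles only the rule shape used in this thread:
#   <number> allow|deny ip from any to any [via <interface>]
RULE_RE = re.compile(
    r"^(\d+)\s+(allow|deny)\s+ip\s+from\s+any\s+to\s+any(?:\s+via\s+(\S+))?$"
)

# Constructed rulesets (not taken from any real host).
TOO_TIGHT = """
1 deny ip from any to any
100 allow ip from any to any via lo0
"""
LOOPBACK_FIRST = """
100 allow ip from any to any via lo0
65000 deny ip from any to any
"""

def parse_rules(text):
    """Return [(number, action, interface_or_None)] in evaluation order."""
    rules = []
    for line in text.strip().splitlines():
        m = RULE_RE.match(line.strip())
        if not m:
            raise ValueError(f"unsupported rule: {line!r}")
        rules.append((int(m.group(1)), m.group(2), m.group(3)))
    # ipfw walks the list in ascending rule-number order.
    return sorted(rules, key=lambda r: r[0])

def verdict(rules, iface):
    """First matching rule wins; return (action, rule_number)."""
    for number, action, via in rules:
        if via is None or via == iface:
            return action, number
    # Assumption: stock default rule 65535 is deny (kernel not built
    # with default-to-accept).
    return "deny", 65535

def localhost_scan_works(ruleset_text):
    """True if loopback traffic is allowed before any deny matches."""
    return verdict(parse_rules(ruleset_text), "lo0")[0] == "allow"

if __name__ == "__main__":
    for name, text in (("TOO_TIGHT", TOO_TIGHT), ("LOOPBACK_FIRST", LOOPBACK_FIRST)):
        rules = parse_rules(text)
        print(name, "lo0:", verdict(rules, "lo0"), "em0:", verdict(rules, "em0"))
```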
