August 6th, 2004, 11:18 AM
nmap only one for four?
So I wanted to do some testing yesterday.
I set the firewall to leave four machines available to the outside world. A NetWare 6 mail server, a Win2k web server, a NetWare 5.1 print and file server (with nothing important on it) and a Nortel VPN concentrator. They all have static NAT translations, and they all have relaxed firewall rules for access from the public net. Anything from allow all traffic to allow only on certain ports. I verified that I can get to all four boxes from home before I ran the test.
Thinking that these four would show up for sure, I was really more concerned with what else might show up (looking for cracks in the firewall), though I did want to see how much of these four boxes was visible.
So I ran this command from nmap as root:
nmap -v -sS -sR x.x.x.0/21 >> myfile
Lo and behold... the only thing that showed up out of all those hosts was the mail server. Yeah for me, the firewall seems to be working, but this has got to be a bit of a false sense of security. Why didn't nmap catch my other three 'open' boxes? Wrong arguments on my part?
August 6th, 2004, 11:28 AM
Did it show them as "down" ?
Bear in mind that by default nmap sends an ICMP ping and a SYN to port 80. If it receives a response from neither, it assumes the host is down. It won't scan any more ports if the host is down.
Use -P0 to cause it to assume all hosts are up (this does make it rather slow, so be aware of this).
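The failure mode discussed above, as an added example that is not part of any poster's message: a check that compares a scan result against the hosts the firewall is known to expose and lists the ones that never received a port scan. It assumes the scan was saved in nmap's grepable format (-oG); the sample output, the inventory, and the function names are constructed for illustration.

```python
import re

# Constructed sample of `nmap -oG -` output; 192.0.2.0/24 is a documentation range.
SAMPLE_GREPABLE = (
    "# Nmap scan initiated (constructed sample)\n"
    "Host: 192.0.2.10 (mail.example.com)\tStatus: Up\n"
    "Host: 192.0.2.10 (mail.example.com)\tPorts: 25/open/tcp//smtp///, "
    "110/open/tcp//pop3///, 113/closed/tcp//auth///\n"
    "Host: 192.0.2.20 ()\tStatus: Down\n"
)

# Hypothetical inventory of hosts the firewall is supposed to expose.
EXPECTED = {
    "192.0.2.10": "mail server", "192.0.2.20": "web server",
    "192.0.2.30": "file and print server", "192.0.2.40": "VPN concentrator",
}
HOST_RE = re.compile(r"^Host: (\S+) \([^)]*\)\t(.*)$")

def parse_grepable(text):
    """Return {ip: {"status", "scanned", "open"}} from grepable output."""
    hosts = {}
    for line in text.splitlines():
        m = HOST_RE.match(line)
        if not m:
            continue  # comment line or blank
        entry = hosts.setdefault(m.group(1), {"status": None, "scanned": False, "open": []})
        for field in m.group(2).split("\t"):
            key, _, value = field.partition(": ")
            if key == "Status":
                entry["status"] = value.strip().lower()
            elif key == "Ports":
                entry["scanned"] = True  # a Ports field means ports were probed
                for spec in value.split(","):
                    parts = spec.strip().split("/")
                    if len(parts) > 1 and parts[1] == "open":
                        entry["open"].append(int(parts[0]))
    return hosts

def coverage_gaps(expected, hosts):
    """Expected hosts that never got a port scan, with the reason."""
    gaps = {}
    for ip, label in expected.items():
        entry = hosts.get(ip)
        if entry is None or not entry["scanned"]:
            gaps[ip] = (label, entry["status"] if entry else "not listed")
    return gaps

if __name__ == "__main__":
    print(coverage_gaps(EXPECTED, parse_grepable(SAMPLE_GREPABLE)))
```

Any host this reports was skipped at host discovery rather than found closed, so it should be rescanned with -P0 before the result is read as evidence about the firewall.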
August 6th, 2004, 11:31 AM
Just learning to use nmap myself. I'm sure others will be of more help.
Slarty beat me to it.
What happens if a big asteroid hits the Earth? Judging from realistic simulations involving a sledge hammer and a common laboratory frog, we can assume it will be pretty bad. - Dave Barry