[fw-wiz] result question

From: rmck (rmckeever_at_earthlink.net)
Date: 08/27/03

    To: firewall-wizards@honor.icsalabs.com
    Date: Wed, 27 Aug 2003 14:57:42 -0700 (PDT)
    
    

    Hello,

    I was wondering if someone could explain to me why the tool (nmap) gives the
    following results. Is it really getting through my firewalls??

    I have a mysql (port 3306) machine that is behind two firewalls (both
    netscreens).

    I run nmap from home (3 scans), outside of all the firewalls, as so:

    First A:
    nmap -sT -P0 -p 3306 -T 3 111.111.111.111
    Result A:
    Starting nmap V. 3.0 ( www.insecure.org/nmap )
    Interesting ports on mach.com.com (111.111.111.111):
    Port State Service
    3306/tcp filtered mysql
     
    Nmap run completed -- 1 IP address (1 host up) scanned in 38 seconds

    I feel I understand these results: nmap labels a port as "filtered" if it
    does not receive either a SYN-ACK or a RST in response to a SYN packet.
    A -sT scan sends a SYN.

    But these last two just get me....

    B:
    nmap -sF -P0 -p 3306 -T 3 111.111.111.111
    Result B:
    Starting nmap V. 3.0 ( www.insecure.org/nmap )
    Interesting ports on mach.com.com (111.111.111.111):
    Port State Service
    3306/tcp open mysql
     
    Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds

    What's happening here?? Nothing shows in my firewall logs?? Is it really
    getting through? Or is it assuming it's open because it gets no response??

    C:
    nmap -sU -P0 -p 3306 -T 3 111.111.111.111
    Result C:
    Starting nmap V. 3.0 ( www.insecure.org/nmap )
    Interesting ports on mach.com.com (111.111.111.111):
    Port State Service
    3306/udp open unknown
     
    Nmap run completed -- 1 IP address (1 host up) scanned in 13 seconds

    So reading on nmap pages I got this "UDP scanning (-sU) in NMAP has the
    same problem as FIN scans in that packet filtered ports will turn up as being
    open ports."

    So am I correct in thinking nmap is assuming a port is opened if no
    response is given?

    Or does nmap get through without being logged??

    Thank you for your time, and any input you can give me ...

    Ron

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
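
Added example, not part of the original message and not nmap's own code: a small Python model of the inference rules visible in results A to C (silence after a SYN is reported as filtered; silence after a FIN or UDP probe is reported as open, as the quoted nmap page says), listing which firewall and port situations can produce each reported state. The `drop`/`pass` firewall model, the function names, and the assumption that a listening UDP service ignores the probe are constructed for illustration.

```python
# Added illustration: a constructed model of the scan logic, not nmap source code.
PROBES = {"-sT": "syn", "-sF": "fin", "-sU": "udp"}

def reply(probe, firewall, listening):
    """What the scanner receives back; None means silence."""
    if firewall == "drop":          # packet filter discards the probe silently
        return None
    if probe == "syn":
        return "SYN-ACK" if listening else "RST"
    if probe == "fin":              # RFC 793: closed ports answer RST, open ports ignore a FIN
        return None if listening else "RST"
    # UDP, assuming the listening service ignores an empty datagram
    return None if listening else "ICMP port unreachable"

def report(probe, response):
    """State printed by the scanner, following the nmap 3.0 output in the post."""
    if probe == "syn":
        return {"SYN-ACK": "open", "RST": "closed", None: "filtered"}[response]
    return "open" if response is None else "closed"   # silence is read as open

def explanations(flag, state):
    """Every (firewall, listening) ground truth that produces this report."""
    probe = PROBES[flag]
    return [(fw, up) for fw in ("drop", "pass") for up in (True, False)
            if report(probe, reply(probe, fw, up)) == state]

def consistent_firewalls(observations):
    """Firewall behaviours that can explain all observed (flag, state) pairs."""
    return {fw for fw in ("drop", "pass")
            if all(any(f == fw for f, _ in explanations(flag, state))
                   for flag, state in observations)}

# Results A, B and C from the post
OBSERVED = [("-sT", "filtered"), ("-sF", "open"), ("-sU", "open")]

if __name__ == "__main__":
    for flag, state in OBSERVED:
        print(flag, state, explanations(flag, state))
    print("consistent with all three:", consistent_firewalls(OBSERVED))
```

In this model an "open" result from `-sF` or `-sU` has three possible explanations, two of which involve the probe never passing the firewall, while "filtered" from `-sT` only occurs when the probe is dropped.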

