firewalk and nmap

From: Christian Perst (chris_perst_at_gmx.de)
Date: 08/17/05

    Date: Wed, 17 Aug 2005 08:53:44 +0200
    To: pen-test@securityfocus.com
    
    

    Hi list,

    Three years ago I could read that firewalk is for better use
    for testing ACLs on firewalls compared to nmap.

    Today I can test with nmap if a port on a machine is open (Syn -
    Syn-ack), closed or unfiltered (Syn - Rst-ack) and filtered (Syn
    - nothing).
    If firewalk does the scan on the firewall in front of the server
    I get open, closed and filtered. Isn't the closed port from nmap
    the same as an open port on the firewall?

    e.g.

    -->-------------FW--------------Server
                    open 22 80      ports: 80

    nmap will show:
    22 closed
    80 open
    .. filtered

    firewalk:
    22 A! open (port not listen)
    80 A! open (port listen)
    .. *no response*

    If a port with nmap is closed, it surely is not filtered by the FW,
    since I get a RST back.
    So is there a difference anymore? Are there any settings where
    firewalk can take advantage of?

    Thanks,
    Chris


