Re: help for port scanning on firewalls and routers
From: Gerald Combs <gerald () ethereal com>
Date: Tue, 16 Apr 2002 09:53:27 -0500 (CDT)

On Tue, 16 Apr 2002, Joseph Taylor wrote:

> I am planning to perform port scanning for routers and
> firewalls security on my network.
> My questions are about what benefits I will obtain by
> running a port scanning tool (NMAP, ISS, etc..).
>
> Will there be any difference in the results whether I
> use this tool inside my network (from an internal IP)
> or outside my network.

If you have a properly configured firewall installed, the difference
should be significant.  An internal scan will show all of the hosts and
services running on your network.  An external scan will show only the
hosts and services visible to the outside world.  If you don't have a
firewall installed, or if it isn't properly configured, the two scans may
turn up identical results.  Which is usually a bad thing.

> What's the aim of running this tool from internal

Two main benefits are inventory and security analysis.  After running an
Nmap scan, people often find services (and entire machines) on their
network that they weren't aware of.  Internal scans can help you secure
your network from internal break-ins (by employees) and from external
break-ins (in case someone makes it through your firewall).

> Do I need to make port scanning over devices which are
> not accessible outside my network from internet and
> are only accessible from internal network? (such as
> WAN routers and LAN&WAN firewalls.)

Yes.  You should scan _everything_ on your network.  

> I was planning to run "NMAP", do you think it
> satisfies my aim?

Probably, but I think you need to expand your scope a bit.  You seem to be
concentrating on your network gear and ignoring your servers.  Take a look
at Nessus (http://www.nessus.org).  It uses Nmap to discover the hosts and
services on a specified subnet and examines each service that it finds for
possible vulnerabilities.  It then generates a nice HTML report on what it

Check out http://www.sans.org, http://www.cert.org and http://www.ciac.org
for information on auditing and securing your network.

> Can anyone give me a brief explanation?
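
The internal-versus-external comparison described in the reply, as an added example that is not part of the original message: a Python script that diffs the open services reported by two Nmap scans and flags the case where both views are identical. It assumes both scans were saved in Nmap's grepable format (-oG) and that hosts keep the same addresses from both vantage points (no NAT); the sample data and function names are constructed for illustration.

```python
import re

# Constructed sample data in Nmap grepable (-oG) format; not real scan results.
INTERNAL_SCAN = """\
# constructed sample: scan run from inside the network
Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.0.2.20 ()\tPorts: 23/open/tcp//telnet///, 161/open/udp//snmp///
Host: 192.0.2.30 ()\tPorts: 25/open/tcp//smtp///, 139/closed/tcp//netbios-ssn///
"""
EXTERNAL_SCAN = """\
# constructed sample: scan run from outside the firewall
Host: 192.0.2.10 ()\tPorts: 80/open/tcp//http///, 22/filtered/tcp//ssh///
Host: 192.0.2.30 ()\tPorts: 25/open/tcp//smtp///
"""

def parse_grepable(text):
    """Return {(host, port, proto): service} for every port reported open."""
    services = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+)\s+\(.*?\)\s+Ports:\s+(.*)", line)
        if not m:
            continue  # comments and "Status:" lines carry no port data
        host = m.group(1)
        ports = m.group(2).split("\t")[0]  # drop trailing "Ignored State" field
        for entry in ports.split(","):
            fields = entry.strip().split("/")
            # entry layout: port/state/protocol/owner/service/...
            if len(fields) >= 5 and fields[1] == "open":
                services[(host, int(fields[0]), fields[2])] = fields[4]
    return services

def compare_scans(internal_text, external_text):
    """Summarise how the two vantage points differ."""
    inside = parse_grepable(internal_text)
    outside = parse_grepable(external_text)
    return {
        "exposed": sorted(outside),                            # visible to the outside world
        "internal_only": sorted(set(inside) - set(outside)),   # blocked at the perimeter
        "external_only": sorted(set(outside) - set(inside)),   # missed by the internal inventory
        "identical": bool(inside) and set(inside) == set(outside),  # firewall filters nothing
    }

if __name__ == "__main__":
    report = compare_scans(INTERNAL_SCAN, EXTERNAL_SCAN)
    for key, value in report.items():
        print(f"{key}: {value}")
```

An `identical` result of `True` corresponds to the missing or misconfigured firewall case in the reply; a non-empty `external_only` list points at hosts or services the internal scan did not cover.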


