Home page logo

nmap-dev logo Nmap Development mailing list archives

RE: Nmap and Watchguard firewalls
From: "Paul Hieb" <phieb () columbus rr com>
Date: Thu, 2 Jun 2005 21:52:23 -0400

Watchguard bad, Snort on Astaro good...


-----Original Message-----
From: nmap-dev-bounces () insecure org
[mailto:nmap-dev-bounces () insecure org] On Behalf Of Kern, Tom
Sent: Tuesday, May 24, 2005 9:16 AM
To: nmap-dev () insecure org
Subject: Nmap and Watchguard firewalls

Hi. I don't know if this is the appropriate place to send this email so
i apologize in advance.

I have an issue where i'm running an nmap scan against my interent
router(cisco). This router sits in front of a Watchguard firebox X
firewall. Whenever i run the scan, the fingerprint that I get back is
the Watchguard itself.
This happens when I run it against my home network(or any host outside
the firewall). It always comes back as Watchguard.

I run nmap with the -vv sS -O switches against the ip of the host.

I've run nmap from a Windows xp sp1 box and a RedHat Enterprise Linux
box. Same result.

Also, the linux box is not NAT/PATed by the firewall or router. The
router does no NAT.
The firewall is running an smtp and dns proxy. All the other services
are stateful packet inspection.
Watchguard has been silent on the issue but it seems the firebox x is
doing some rewriting but I can't tell for sure.
When i run ethereal from the nmap host, i can see the packets going to
the destination ok.
However, at the router, when i run a packet filter, i see nothing going
to the destination i'm nmaping or the source nmap host.

I was wondering if you knew of any isses with nmap and Watchguard. I
apologize again if this is the wrong place to email this or for wasting
your time.

Thank you

Sent through the nmap-dev mailing list

Sent through the nmap-dev mailing list

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]