Nmap Development mailing list archives
Re: help for port scanning on firewalls and routers
From: Gerald Combs <gerald () ethereal com>
Date: Tue, 16 Apr 2002 09:53:27 -0500 (CDT)
On Tue, 16 Apr 2002, Joseph Taylor wrote:
> I am planning to perform port scanning for routers and firewalls security on my network. My questions are about what benefits I will obtain by running a port scanning tool (NMAP, ISS, etc.). Will there be any difference in the results whether I use this tool inside my network (from an internal IP) or outside my network?
If you have a properly configured firewall installed, the difference should be significant. An internal scan will show all of the hosts and services running on your network. An external scan will show only the hosts and services visible to the outside world. If you don't have a firewall installed, or if it isn't properly configured, the two scans may turn up identical results, which is usually a bad thing.
> What's the aim of running this tool from internal network?
Two main benefits are inventory and security analysis. After running an Nmap scan, people often find services (and entire machines) on their network that they weren't aware of. Internal scans can help you secure your network from internal break-ins (by employees) and from external break-ins (in case someone makes it through your firewall).
> Do I need to make port scanning over devices which are not accessible outside my network from internet and are only accessible from internal network? (such as WAN routers and LAN&WAN firewalls.)
Yes. You should scan _everything_ on your network.
> I was planning to run "NMAP", do you think it satisfies my aim?
Probably, but I think you need to expand your scope a bit. You seem to be concentrating on your network gear and ignoring your servers. Take a look at Nessus (http://www.nessus.org). It uses Nmap to discover the hosts and services on a specified subnet and examines each service that it finds for possible vulnerabilities. It then generates a nice HTML report on what it finds. Check out http://www.sans.org, http://www.cert.org and http://www.ciac.org for information on auditing and securing your network.
> Can anyone give me a brief explanation? Thanks,
--------------------------------------------------------------------- For help using this (nmap-dev) mailing list, send a blank email to nmap-dev-help () insecure org . List run by ezmlm-idx (www.ezmlm.org).
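The internal-versus-external comparison described in the reply can be automated by diffing the two scans. The following is an added example, not part of the original message or of Nmap itself: it parses Nmap's grepable (`-oG`) output and sorts open services by where they are reachable from. The sample scan data is constructed, and the code assumes hosts have the same address from both vantage points (no NAT).

```python
import re

# Constructed sample data in Nmap grepable (-oG) format; the addresses are
# documentation-range placeholders, not real scan results.
INTERNAL_SCAN = """\
# Scan run from inside the firewall (constructed sample)
Host: 192.0.2.10 (www)\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.0.2.20 (files)\tPorts: 139/open/tcp//netbios-ssn///, 445/open/tcp//microsoft-ds///
Host: 192.0.2.30 ()\tPorts: 23/open/tcp//telnet///, 80/filtered/tcp//http///
"""
EXTERNAL_SCAN = """\
# Scan run from outside the firewall (constructed sample)
Host: 192.0.2.10 (www)\tPorts: 22/filtered/tcp//ssh///, 80/open/tcp//http///, 3306/open/tcp//mysql///
Host: 192.0.2.30 ()\tPorts: 23/open/tcp//telnet///
"""

# Each port entry is port/state/protocol/owner/service/...; keep only "open".
PORT_RE = re.compile(r"(\d+)/open/(tcp|udp)/[^/]*/([^/]*)/")

def open_services(grepable):
    """Return {(ip, port, proto): service} for every port reported open."""
    found = {}
    for line in grepable.splitlines():
        if not line.startswith("Host:") or "Ports:" not in line:
            continue  # skip comments and host-status-only lines
        ip = line.split()[1]
        ports = line.split("Ports:", 1)[1].split("\t")[0]
        for port, proto, service in PORT_RE.findall(ports):
            found[(ip, int(port), proto)] = service or "unknown"
    return found

def compare(internal, external):
    """Split open services by the vantage point they are reachable from."""
    inside, outside = open_services(internal), open_services(external)
    return {
        "exposed": sorted(k for k in inside if k in outside),
        "internal_only": sorted(k for k in inside if k not in outside),
        "external_only": sorted(k for k in outside if k not in inside),
    }

if __name__ == "__main__":
    names = {**open_services(EXTERNAL_SCAN), **open_services(INTERNAL_SCAN)}
    for label, keys in compare(INTERNAL_SCAN, EXTERNAL_SCAN).items():
        print(label)
        for ip, port, proto in keys:
            print(f"  {ip} {port}/{proto} {names[(ip, port, proto)]}")
```

An empty `internal_only` list is the "identical results" case from the reply: nothing is being filtered between the two vantage points.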
