Using nmap to scan my firewall through WAN proxy

slooper · 12-05-2003, 11:13 AM

Can someone tell me how I can use nmap to scan my firewall from the outside? I tried using the nmap "-b ftp.foo.com" option, but can't seem to find an exploitable ftp site.

Please allow myself...to....um...hack, myself.

Thanks!

Pcghost · 12-05-2003, 12:50 PM

Use a dial-up connection to get outside the firewall, or if you have multiple highspeed interfaces use on as the gateway to test the other.

frogman · 12-06-2003, 09:40 AM

Or ask a mate to scan you. (choose wisely

)

Capt_Caveman · 12-06-2003, 09:52 AM

There are some sites that offer free scanning as part of network security assesment. Off the top of my GRC, Symantec, Sygate. How well these scans work or are comparable to nmap is a different story. But, they are useful for scanning yourself from the outside.

slooper · 12-06-2003, 01:53 PM

ya - I dont have access to dial-up or a second gateway. And all my friends are linux newbies. I was able to scan ifrom work using the Windows version of nmap. But I'd like to be able to do it from home so I can really try to troubleshoot the security of my network. The nmap man file said something about using ftp sites to bounce packets off of.

Is there a way that I can do that?

I looked on nmaps website for a list of exploitable ftp sites, but couldn't find one.

Pcghost · 12-08-2003, 10:41 AM

Why not just use a web-based scan like http://www.pcflank.com or http://grc.com. Either one can do special scans of ports you specify. I suggest pcflank as I sometimes get false positives with GRC.