[SOLVED] is there a good way to run nmap scans over the public net?
Linux - NetworkingThis forum is for any issue related to networks or networking.
Routing, network cards, OSI, etc. Anything is fair game.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
The net itself doesn't matter or mind, but when you check the ports of a host that you don't own, it can be interpreted as searching for a way to break in.
Interesting one. Surely as this is his/her own telephone line there shouldn't be any other traffic but his/hers and his/hers ISPs. Or am I missing something basic?
Interesting one. Surely as this is his/her own telephone line there shouldn't be any other traffic but his/hers and his/hers ISPs. Or am I missing something basic?
it's actually Comcast cable as my ISP on both ends, and yes, theoretically traffic to/from 2 endpoints on the same ISP SHOULD never cross other providers lines, provided the 2 endpoints are geographically close to each other. Going cross-country, i could see you potentially getting routed across peered links of some sort.
But even on the same ISP, i had figured that port scans could potentially violate some sort of terms-of-service, because as berndbausch said, it can be seen as a security circumvention attempt. A cursory glance at Comcasts TOS don't explicity show anything of the sort, but it wouldn't surprise me to find that they'd rather you not do this.
should have clarified, most definitely to one of my own hosts
Apart from TOS etc kind of depends what you can do. Is it to be a targeted scan? Nmap has speed settings. If you target your own machine with specific ports, say "-p21,22,23,25,80,443,993,10000", no excessive retries and try "-T1"? Or a general vulnerability assessment? You know there's sites that can do that for you for free, only requiring registration (added bonus of having a 3rd party to "blame" ;-p)?
Apart from TOS etc kind of depends what you can do. Is it to be a targeted scan? Nmap has speed settings. If you target your own machine with specific ports, say "-p21,22,23,25,80,443,993,10000", no excessive retries and try "-T1"? Or a general vulnerability assessment? You know there's sites that can do that for you for free, only requiring registration (added bonus of having a 3rd party to "blame" ;-p)?
Lol! no i was just gonna do a range of 1-1024 on my own firewall, from my parents house. rather not have to register for yet another site. both locations have comcast.
You have a default filter table INPUT chain DROP policy and you only allow ingress traffic (any protocol) for existing connections so running nmap should not show any ports open.
You have a default filter table INPUT chain DROP policy and you only allow ingress traffic (any protocol) for existing connections so running nmap should not show any ports open.
yes. i know
i was more concerned with the TOS/general network courtesy kinds of implications. one thing i do know, i would never in a million years install a firewall without nmap'ing it locally, before putting it out into the wild
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.