why port scans from BEHIND nat/firewall are inaccurate?
I recently got a new ISP and after configuring I wanted to port scan my IP from outside my home network to make sure the open port footprint was as I expected.
I was very thrown at first when I got so many reports of open ports (thirty something). I quickly realized I was scanning from a machine on my work network which was behind a firewall/nat/proxy server.
However, the next day after configuring my firewall at work to allow just my host all outbound access (all ports and protocols) and doing the port scan again I was lost as to why I still got the same inaccurate results?
I got NO info from the vendor of my firewall (through newsgroup posts) so I decided to post here thinking now that this is probably a common issue to all firewall/nat/proxy devices with regard to what I am trying to do. To reiterate, I am trying to get an accurate port scan of a machine FROM BEHIND a nat/firewall/proxy device.
1) so what are the issues with being able to do this? Is it possible?
I tried a couple of different port scanners from different clients and all had the same results (nmap on SuSE Linux 9.1, SuperScan4 on Windows 2000). I am even doing standard full connect TCP scans. I realize it's a firewall/nat/proxy issue and not a client issue but I don't know what, if anything, I can do about it.
If that does not work you will need to run the scan from a machine that is on the same network, and whose scan will not route through the proxy server you described.
If you get really desperate, you can at least find out which ports have running/listening services with
Code:
netstat -atun
(I am assuming this is a Linux box you are talking about..)
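An added example, not part of any post in this thread: it parses the `netstat -atun` output suggested above and compares the host's listening TCP ports with the list a remote scan reported as open, so ports the scan reported that the host is not listening on stand out. The sample netstat output and the scan list are constructed, and the function names are illustrative.

```python
import ipaddress

# Constructed sample data: `netstat -atun` output from the scanned host, and
# the TCP ports a scan run from behind the proxy reported as open.
SAMPLE_NETSTAT = """\
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 127.0.0.1:631           0.0.0.0:*               LISTEN
tcp        0      0 192.0.2.10:22           198.51.100.7:51514      ESTABLISHED
tcp6       0      0 :::80                   :::*                    LISTEN
udp        0      0 0.0.0.0:68              0.0.0.0:*
"""
SCAN_REPORTED_OPEN = {21, 22, 25, 80, 110, 8080}


def is_loopback(addr):
    """True for 127.0.0.0/8 and ::1; wildcards (0.0.0.0, ::, *) are not."""
    try:
        return ipaddress.ip_address(addr).is_loopback
    except ValueError:
        return False  # "*" wildcard printed by some netstat builds


def listening_tcp_ports(netstat_text, include_loopback=False):
    """Return the TCP ports in LISTEN state; UDP rows have no State column."""
    ports = set()
    for line in netstat_text.splitlines():
        fields = line.split()
        if len(fields) < 6 or not fields[0].startswith("tcp") or fields[5] != "LISTEN":
            continue
        # Split on the last colon so IPv6 forms such as ":::80" parse correctly.
        addr, _, port = fields[3].rpartition(":")
        if is_loopback(addr) and not include_loopback:
            continue  # loopback-only listeners are not reachable from outside
        ports.add(int(port))
    return ports


def compare(scan_open, netstat_text):
    """Split the scan's open list by what the host itself is listening on."""
    listening = listening_tcp_ports(netstat_text)
    return {
        "confirmed": sorted(scan_open & listening),
        "not_listening_on_host": sorted(scan_open - listening),
        "listening_but_not_reported": sorted(listening - scan_open),
    }


if __name__ == "__main__":
    print(compare(SCAN_REPORTED_OPEN, SAMPLE_NETSTAT))
```

Ports under `not_listening_on_host` are the ones to re-check with a scan that does not pass through the NAT or proxy device.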
Thank you for the replies. I have used grc.com to check the machine in question; however, what I am really interested in is to learn 'why' these scans are inaccurate and 'how' I may be able to configure the firewall (generally speaking, I know, I have not stated what firewall I'm using) to allow them to be accurate, 'if' that is even possible.
Basically, if you want the scan against your local machine to be accurate you should not have a NAT device or proxy server sitting between you and the port scanner.