Linux - Software This forum is for Software issues.
Having a problem installing a new program? Want to know which application is best for the job? Post your question in this forum. |
Notices |
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
Are you new to LinuxQuestions.org? Visit the following links:
Site Howto |
Site FAQ |
Sitemap |
Register Now
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
|
|
|
01-24-2004, 11:09 AM
|
#1
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Rep:
|
nmap scan from inside
I was browsing here all day to get answered my Q,but couldn't found it.
So my Q is if it is possible to scan my box from another box inside network:
cabel modem
|
2 port router-----owner's box
|
eth hub-----XP box
|
MDK 9.1 box
I'd like to scan my boxes each other.Mostly box "C".I know all IPs.
I was trying scaning from "C" other boxes from MDK,but couldn't.Don't know why.My
firewall is Guarddog.And I know my box accept ICMP (found some command which showed ICMP as accepted-don't remember which one it was).
Sorry I'm kinda newbie in these things.
No.1 priority is to get my MDK box scanned from my atnohre box,or somehow (better) from this box MDK.
Sorry for so long post.Wanted to let u know as much as possible.
Thank you,
Wannalearnlinux
ps: forgot that I don't have any friends outside who knows those things,so can't try it from outside.
Last edited by WannaLearnLinux; 01-29-2004 at 11:42 AM.
|
|
|
01-24-2004, 11:12 AM
|
#2
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
oopps
the graf is bad,again my net:
cabel modem--2 port router--owners XP box A---my eth hub---box B xp and box C MDK
|
|
|
01-24-2004, 02:09 PM
|
#3
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
it doesn't work from another box
from XP box I'm trying GFI lan guard,but it doesn't work to scan my Linux box inside the lan.
Don't know where I'm wrong.I even found that Guarddog blocks ICMP.But I know it's no true.I'll search for command which tells if ICMP is blocked or not.If u know pls post it.Otherwise I'm searching.
I'm serious,pls help newbie to secure his first Linux box
|
|
|
01-24-2004, 02:28 PM
|
#4
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
ok ICMP accepted
[root@localhost grinder]# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
...so it is accepted but still can't scan other box (XP),which doesn't have any firewall to block it.
Looks like I should buy some more books
Maybe the eth hub makes problems?Don't know.
|
|
|
01-25-2004, 01:28 PM
|
#5
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
pls
I'll be fine with some URL.How You guys do scan your boxes? You probably have some1 who can scan your box,but I don't.
|
|
|
01-25-2004, 04:03 PM
|
#6
|
Senior Member
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019
Rep:
|
Ok, I'm sorry but I got a little lost with that, but I think I may have you answer. If I don't then let me know. On the box you trying to scan can you ping it? If you cannot and you know you have the right IP then you may need to give nmap the command to not ping it first:
nmap -P0 <ipaddr>
that is a dash-P-zero
Also, guarddog uses IPTABLES tor it's firewall. Iptables can block icmp with the use of the file you mentioned above.
If you are worried about you security you can also use ps aux to see what services/processes are running. You can use netstat -nlp to see what is listening on the different ports.
|
|
|
01-25-2004, 05:51 PM
|
#7
|
Member
Registered: Jul 2003
Location: London
Posts: 548
Rep:
|
Also, ping your box to see if it's accepting ICMP packets. The other option is just to portscan yourself.
|
|
|
01-25-2004, 06:02 PM
|
#8
|
Senior Member
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019
Rep:
|
You can portscan yourself, and it will tell you somethings, but it is better to portscan from a remote location.
Last edited by benjithegreat98; 01-25-2004 at 06:12 PM.
|
|
|
01-25-2004, 07:29 PM
|
#9
|
Member
Registered: Apr 2002
Location: Venezuela
Distribution: slackware 8.0
Posts: 67
Rep:
|
Do you want to verify if the box is secure against attacks from outside of the lan, or secure against local attacks?
I'm not a security expert but i have read in some security site (dont remember where) that if you want to verify if your box is secure against attacks from internet you must scan the box from outside your lan. Scanning from inside will give you incorrect results.
hope this help a little
|
|
|
01-25-2004, 11:41 PM
|
#10
|
LQ Newbie
Registered: Jan 2004
Location: Sweden
Distribution: SuSE 8.1+, RH 6+, Gentoo 1.4, MDK8+
Posts: 4
Rep:
|
Quote:
I'm not a security expert but i have read in some security site (dont remember where) that if you want to verify if your box is secure against attacks from internet you must scan the box from outside your lan. Scanning from inside will give you incorrect results.
|
Well... If you scan from outside the lan, you will probably end up scanning a router/firewall/gateway/NAT-box or whatever. Scanning individuall hosts inside the LAN will give correct results on open ports etc for that host.
Offcourse, If you want to test your security for the local lan, eg security against attacks from the Internet... youll have to scan your router/whatever from an outside host.
Back to the question... could you show what options you run Nmap with?
later
/Vigge
|
|
|
01-26-2004, 01:07 AM
|
#11
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
thanks a lot
thanks so much all of you for reply.
But now I'm having different problem.I'm doing my 2nd install Linux MDK 9.1 and having problems with those NVIDIA drivers.So I can't try things you posted.
But when I'll fix that I'll be right back.
Thanx again.I appreciate it.
|
|
|
01-29-2004, 12:53 AM
|
#12
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
sorry
Quote:
Originally posted by Vigge
Well... If you scan from outside the lan, you will probably end up scanning a router/firewall/gateway/NAT-box or whatever. Scanning individuall hosts inside the LAN will give correct results on open ports etc for that host.
Offcourse, If you want to test your security for the local lan, eg security against attacks from the Internet... youll have to scan your router/whatever from an outside host.
Back to the question... could you show what options you run Nmap with?
later
/Vigge
|
I'm so sorry,I had problems,I had to reinstall MDK and wasn't easy as my 2nd install of Linux.
You are right,everytime I go at GRC.com I get same results whatever changes I do.
So it is checking router,which I'm behind
So if I do scan from inside the LAN from other box and it will block everything so I'm fine if anyone gets through router from outside. Am I correct?
BTW,I can't make any changes at router cause it is not mine and he is in owner's room.I tried to get in from my box,but there is set password I don't know
I was trying ping from another box (XP) inside the LAN and Guarddog blocks it.
And commands I tried inside LAN was #nmap -sS 192.168 bla bla ,but couldn't.Said
"permission denied". But I don't have any firewall at XP box.
|
|
|
01-29-2004, 01:00 AM
|
#13
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
One more thing I don't understand.
When I do:
[root@localhost grinder]# cat /proc/sys/net/ipv4/icmp_echo_ignore_all
0
So it is accepted,but I didn't set it in Guarddog to be accepted.I accept only FTP,HTTP,HTTPS,X,DNS.
Wierd.
|
|
|
01-29-2004, 09:48 AM
|
#14
|
Senior Member
Registered: Dec 2003
Location: Shelbyville, TN, USA
Distribution: Fedora Core, CentOS
Posts: 1,019
Rep:
|
ICMP is not tcp so you may have to specify guarddog to block icmp. I don't use guarddog so I'm not sure. On the nmap deal, you have to be root to give it the -sS switch. And if you run nmap as root it is defaulted into the command. You are right about the scan from grc.com. It is scanning your router. Just let the owner know about the open ports in the router. He may or may not be aware.
Which ports are open by the way? I ask because when I scan myself port 21 and 25 are always open. Even if the services are verified to be off nothing is listening on those ports and iptables is explicitly told to block them. I eventually concluded that the cable modem was to blame
|
|
|
01-29-2004, 11:40 AM
|
#15
|
Member
Registered: May 2003
Location: California
Distribution: Slax
Posts: 262
Original Poster
Rep:
|
Well about the router,the owner doesn't know anything.Actually I was the one who set it up,years ago with almost zero knowledge.I'll ask her (62 years old women) for the paswd.
And about the ICMP,Guarddog.Ther is 2 settings:
-Internet
-Local
So I set up LOCAL (because scanning inside LAN) to alow :
-ICMP redirect
-ICMP source quench (??)
-PING
I didn't set it in INTERNET zone.
Here are open ports:
[grinder@localhost grinder]$ nmap 127.0.0.1
Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on localhost (127.0.0.1):
(The 1596 ports scanned but not shown below are in state: closed)
Port State Service
22/tcp open ssh
53/tcp open domain
111/tcp open sunrpc
953/tcp open rndc
6000/tcp open X11
Nmap run completed -- 1 IP address (1 host up) scanned in 0 seconds.
I'll have to llok what 111 and 953 are for.
Thanx for your time.
|
|
|
All times are GMT -5. The time now is 06:19 PM.
|
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
|
Latest Threads
LQ News
|
|