hi guys, i have a few questions concerning nmap + scanlogd. is it necessary to start the scanlogd on a firewall ??? i don´t think that scanlogd can detect any scan if all incoming connections are blocked (except, of course, connections to the dmz). after i scaned my host, nmap reports that all udp ports are open. but they are not. its the nmap version that ships with suse6.3. any ideas ??? thanks in advance, juergen
"Bauer, Juergen" wrote:
hi guys,
... after i scaned my host, nmap reports that all udp ports are open. but they are not. IIRC nmap (options -sF, -sX, -sN) calls a port as "open", if it doesn't get a "RST". If your firewall just denys all incoming packets (not rejects them), so nmap thinks
Hi Juergen! the ports are open. Also look at the manpage. Rgds. Heiko.
participants (2)
-
Bauer, Juergen
-
Heiko Degenhardt