Linux: Firewalling - Testing
Version: 0.04 from 2001-06-05
Copyright 2001 by Peter Bieringer <pb@bieringer.de>,
original site of publishing: http://www.bieringer.de/linux/firewalling/
Unlimited non-commercial distribution of this document in its entirety
is encouraged - please contact the author prior to commercial publication.
Suggestions, comments and improvements are welcome!
Changes to
- 0.04 [2001-06-05]: Last update before going public
Testing of firewall configuration
After successfully setting up a firewall ruleset, it is strongly recommended to test
this setup from outside (and perhaps also from inside).
One of the best tools around for that is nmap (http://www.insecure.org/nmap/).
If you need a commercial audit, look e.g. at http://www.aerasec.de/security/services/,
they offer different kind of.
Local test using netstat
- Open TCP ports:
- Open UDP ports:
Local and remote test using nmap
- See the manpage and information on the Internet for details.
- To search for open TCP ports, use:
  nmap -sS -P0 -p 1-65535 localhost
- To search for open UDP ports, use:
  nmap -sU -P0 -p 1-65535 localhost
- To search for a static packet filter for DNS and active FTP, use:
  - nmap -sS -P0 -p 1-65535 -g 20 localhost
    If you detect open ports, the only change you can make is to forbid
    active FTP.
  - nmap -sS -P0 -p 1-65535 -g 53 localhost
    If you detect open ports, you have a misconfigured port filter setup.
  - nmap -sU -P0 -p 1-65535 -g 53 localhost
    If you detect open ports, the only change you can make is to set up
    specific destination IPv4 addresses for DNS queries, e.g. the same ones
    you use as forwarders or in the resolver configuration.
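
Added example (not part of the original document): a POSIX shell helper that lists ports which are open only when the scan uses a fixed source port, which is what the -g 20 and -g 53 scans above are looking for. It goes slightly beyond the text by diffing against a baseline scan; it assumes the scans were saved in nmap's grepable format (-oG), and the function names and sample data are constructed for illustration.

```shell
#!/bin/sh
# Added example: find ports that answer only when the scan uses a fixed
# source port (nmap -g 20 / -g 53), i.e. holes left by a static packet filter.
# Input is nmap grepable output (-oG); the sample data below is constructed.

# Read grepable output on stdin, print the open port numbers, one per line.
open_ports() {
    tr '\t' '\n' | sed -n 's/^Ports: //p' | tr ',' '\n' |
        awk -F/ '$2 == "open" { gsub(/ /, "", $1); print $1 }' | sort -n -u
}

# $1 = baseline scan output, $2 = output of the same scan run with -g <port>.
# Prints the ports that are open in $2 but not in the baseline.
source_port_only() {
    base=$(printf '%s\n' "$1" | open_ports | tr '\n' ' ')
    for p in $(printf '%s\n' "$2" | open_ports); do
        case " $base" in
            *" $p "*) ;;          # also open without the fixed source port
            *) echo "$p" ;;       # reachable only from the fixed source port
        esac
    done
}

# Constructed samples standing in for the output of:
#   nmap -sS -P0 -p 1-65535 -oG - localhost
#   nmap -sS -P0 -p 1-65535 -g 20 -oG - localhost
BASELINE=$(printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 6000/filtered/tcp//X11///\tIgnored State: closed (65533)')
SRC20=$(printf 'Host: 127.0.0.1 (localhost)\tPorts: 22/open/tcp//ssh///, 2049/open/tcp//nfs///, 6000/open/tcp//X11///\tIgnored State: closed (65532)')

leaks=$(source_port_only "$BASELINE" "$SRC20")
if [ -n "$leaks" ]; then
    echo "Ports open only from source port 20:" $leaks
else
    echo "No difference between baseline and source port 20 scan"
fi
```

An empty result means the filter treats the fixed source port like any other; any port listed is one the ruleset accepts purely because of the source port.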