Greg Morgan wrote:
> I ran nmap against the firewall. It was from the internal net against
> the external interface so I don't know if this counts? I saw these
> ports open. Shouldn't these be closed or am I being fooled by the
> firewall and these are really on the inside?:
>
> (The 1520 ports scanned but not shown below are in state: closed)
> Port       State       Service
> 53/tcp     open        domain
> 80/tcp     open        http
> 1023/tcp   open        unknown

The main structure of the firewall is designed to prevent packets from entering onto your external interface from IPs on the outside, trying to initialize connections from their end and to penetrate your system without your consent. What you're trying to do with nmap is to peek from the inside and you will usually get ports that are listed as open but only from the inside part of your network. If you scan them from outside then they will be listed as closed, since the firewall is shielding them from that end.

Rick Onanian has a security list with sites that use nmap, nessus, etc., try Secure Design or Vulnerabilities.org:

http://leaf.sourceforge.net/devel/thc/#Security

dnscache - 53/tcp open domain
weblet - 80/tcp open http
bandwidth monitor (weblet) - 1023/tcp open unknown

Closed on the outside but open on the inside (but weblet can be configured to be seen on the outside but it's not, by default)...

--
Patrick Benson
Stockholm, Sweden

_______________________________________________
Leaf-user mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/leaf-user
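
A check that follows from the reply above, as an added example that is not part of the original thread: it parses the nmap port table from a scan run inside the network and one run from an outside host, and reports which open ports are visible only internally and which are actually exposed. The inside table is the one quoted in the thread; the outside table (weblet opened to the outside) and all function names are constructed for illustration.

```python
import re

# Matches port rows in nmap's normal output, e.g. "53/tcp open domain".
PORT_ROW = re.compile(r"^(\d+)/(tcp|udp)\s+(\S+)\s+(\S+)")

# Inside scan: the table quoted in the thread.
INSIDE_SCAN = """\
(The 1520 ports scanned but not shown below are in state: closed)
Port       State       Service
53/tcp     open        domain
80/tcp     open        http
1023/tcp   open        unknown
"""

# Outside scan: constructed sample, assuming weblet was configured to be
# reachable from the outside (the thread says it is not, by default).
OUTSIDE_SCAN = """\
Port       State       Service
53/tcp     filtered    domain
80/tcp     open        http
"""

def open_ports(nmap_text):
    """Return {(port, proto): service} for rows whose state is exactly 'open'."""
    found = {}
    for line in nmap_text.splitlines():
        m = PORT_ROW.match(line.strip())
        if m and m.group(3) == "open":
            found[(int(m.group(1)), m.group(2))] = m.group(4)
    return found

def compare_vantage_points(inside_text, outside_text):
    """Split open ports by where they are visible from."""
    inside = open_ports(inside_text)
    outside = open_ports(outside_text)
    return {
        # Open from the LAN but shielded from the outside: expected.
        "internal_only": sorted(set(inside) - set(outside)),
        # Open from the outside: each one should be a deliberate choice.
        "exposed": sorted(outside),
        # Open outside but not inside: usually a forwarded port, worth a look.
        "outside_only": sorted(set(outside) - set(inside)),
    }

if __name__ == "__main__":
    for group, ports in compare_vantage_points(INSIDE_SCAN, OUTSIDE_SCAN).items():
        print(group, ", ".join(f"{p}/{proto}" for p, proto in ports) or "-")
```

Only the outside-run result describes what the firewall exposes; the inside-run table describes what the LAN can reach.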