Paul Asadoorian wrote on 6/10/09 8:21 AM:
> Chris Bentley wrote:
>> Paul/Ron any idea what type of scans I could run using nmap or nessus.
>> Also this would make a good technical segment for the show.
>
> Great question! See below for answers that are just off the top of my head:
>
> 1) nmap -sT -n -T4 -p1-65535 <targets behind the firewall>

Might as well go with -p0- at that point. Who knows, you might pick up something weird. The SANS "are you ready for this course" quiz is incorrect on this point...

> That will take some time, but the connect() scan works better for
> firewalls and causes them not to crash/fill up state table. Always scan
> all ports, and you can also mess around with different source ports too.

-T4 may make your firewall go crazy too. I was always loath to go through our NS500s with that.

> 2) nmap -sU -n -T4 -p1-65535 <targets behind the firewall>
>
> Don't forget UDP!

Or port 0! :)

Mike

_______________________________________________
Pauldotcom mailing list
[email protected]
http://mail.pauldotcom.com/cgi-bin/mailman/listinfo/pauldotcom
Main Web Site: http://pauldotcom.com
