Tuesday, August 6, 2013

Nmap TCP-SYN scan results with Linux firewall - ufw


192.168.1.2 [root@bt]
BackTrack 5 R2 running on Oracle VM Virtual Box
Linux 3.2.6
Network adapter : Host-only Adapter
Nmap version 5.61


192.168.1.1 
Linux Mint 12 - 3.0.0-12-generic
Network Adapter : Host-only Adapter (vboxnet0)
Firewall : Graphical user interface for ufw
Firewall Configuration : Deny All incoming from 192.168.1.2 to 192.168.1.1


Scan 1 : TCP-SYN scan 
Firewall OFF
root@bt:~# nmap -PN -sS -n 192.168.1.1
Result : 3 open ports discovered.


Scan 2 : TCP-SYN scan
Firewall ON
root@bt:~# nmap -PN -sS -n 192.168.1.1
Note : ARP works at a layer below IP, so the IP address is not involved in the filtering.
Result : All 1000 scanned ports filtered.


Scan 3 : TCP-SYN scan with fragmentation
Firewall ON
root@bt:~# nmap -PN -sS -f -n 192.168.1.1
Result : All 1000 scanned ports filtered.


Scan 4 : TCP-SYN scan for ports 23,139,445
Firewall ON
root@bt:~# nmap -PN -sS -p23,139,445 -n 192.168.1.1
Result : 3 filtered ports discovered.


Scan 5 : TCP-SYN scan with Source IP as 192.168.1.3
Firewall ON
root@bt:~# nmap -PN -sS -e eth6 -S 192.168.1.3 -n 192.168.1.1
Note:  No host with IP 192.168.1.3 exists on the network.
Here Nmap sends packets with source IP 192.168.1.3 but with the MAC address of 192.168.1.2.
Result : 3 open ports discovered.
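
Scan 5 got past a rule keyed on source IP while the frames still carried the scanner's MAC address. As an added example (not from the original post), this Python code parses firewall log lines and flags any source MAC seen with more than one source IP. It assumes ufw logging is set so that allowed packets are recorded; the log lines, MAC addresses and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample lines in the ufw/netfilter kernel-log layout (not captured from the lab).
# MAC= is 14 bytes: destination MAC (6), source MAC (6), EtherType (2).
SAMPLE_LOG = """\
Aug  6 10:01:02 mint kernel: [UFW BLOCK] IN=eth0 OUT= MAC=0a:00:27:00:00:00:08:00:27:aa:bb:cc:08:00 SRC=192.168.1.2 DST=192.168.1.1 PROTO=TCP SPT=40000 DPT=23 SYN
Aug  6 10:05:40 mint kernel: [UFW ALLOW] IN=eth0 OUT= MAC=0a:00:27:00:00:00:08:00:27:aa:bb:cc:08:00 SRC=192.168.1.3 DST=192.168.1.1 PROTO=TCP SPT=40001 DPT=445 SYN
Aug  6 10:06:10 mint kernel: [UFW ALLOW] IN=eth0 OUT= MAC=0a:00:27:00:00:00:08:00:27:11:22:33:08:00 SRC=192.168.1.10 DST=192.168.1.1 PROTO=TCP SPT=51000 DPT=139 SYN
Aug  6 10:06:11 mint kernel: [UFW ALLOW] IN=eth0 OUT= MAC=truncated SRC=192.168.1.11 DST=192.168.1.1
"""

LINE_RE = re.compile(
    r"\[UFW (?P<action>[A-Z]+)\].*?\bMAC=(?P<mac>\S*) SRC=(?P<src>\S+) DST=(?P<dst>\S+)"
)
OCTET_RE = re.compile(r"^[0-9a-fA-F]{2}$")


def parse_line(line):
    """Return action, source MAC and source IP for one ufw log line, or None."""
    m = LINE_RE.search(line)
    if not m:
        return None
    octets = m.group("mac").split(":")
    # Skip lines whose MAC field is not a full Ethernet header (e.g. loopback, truncated).
    if len(octets) != 14 or not all(OCTET_RE.match(o) for o in octets):
        return None
    src_mac = ":".join(octets[6:12]).lower()
    return {"action": m.group("action"), "src_mac": src_mac, "src_ip": m.group("src")}


def macs_with_multiple_ips(log_text):
    """Map each source MAC seen with more than one source IP to those IPs."""
    seen = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            seen[rec["src_mac"]].add(rec["src_ip"])
    return {mac: sorted(ips) for mac, ips in seen.items() if len(ips) > 1}


if __name__ == "__main__":
    for mac, ips in macs_with_multiple_ips(SAMPLE_LOG).items():
        print(f"{mac} used source IPs: {', '.join(ips)}")
```

This check fits a single segment such as the host-only network used here; on a routed network a gateway's MAC legitimately appears with many source IPs.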






