A popular tool for checking what services are available on a network interface is nmap.
While nmap is an excellent tool for checking network interfaces on your own computer
or private LAN, it should not be used to check for available services on computers that
are not yours. Using nmap on someone else's computer is like checking all the doors and windows on
a person's house to see if you can get in. It is considered an intrusive act. Use nmap only to make sure
your own "doors and windows" are secure.
Following is an example of using nmap to scan a large number of ports on the firewall system you
just configured to see what services appear to be available from the two network interfaces on the
firewall (eth0 and eth1). To do this effectively, you need to run the nmap command from a computer
outside your local firewall. That's because you don't want to see what is going on inside your
firewall; you want to see the outside world's view of your firewall.
Choosing and Installing a Linux Distribution Part III
From the firewall computer, you'd first get the IP address of the external Internet interface on
eth0 by running ifconfig eth0. For this example, that IP address is 323.45.67.89. (Remember
that that is not a real IP address; it's used so you don't use nmap to scan a real computer on the
Internet.)
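
Once you have the outside view of your firewall, the useful check is whether anything is open that you did not mean to expose. The following is an added example, not from the original text: it assumes the scan of your own firewall was saved with nmap's -oG (grepable) output option, and the function names, the allowlist, and the sample data (documentation address 192.0.2.10) are constructed for illustration.

```shell
#!/bin/sh
# Added example: compare the outside view of a firewall against an allowlist.
# Input is nmap "grepable" output, as written by nmap's -oG option.

# unexpected_open_ports ALLOWED
#   ALLOWED: comma-separated port/proto pairs you intend to expose,
#            for example "22/tcp,80/tcp" (hypothetical policy)
#   stdin:   grepable nmap output
#   stdout:  one "host port/proto service" line per open port not in ALLOWED
unexpected_open_ports() {
    awk -v allowed="$1" '
        BEGIN {
            FS = "\t"                        # grepable fields are tab-separated
            n = split(allowed, a, ",")
            for (i = 1; i <= n; i++) ok[a[i]] = 1
        }
        /^Host: / {
            split($1, h, " ")                # h[2] is the scanned address
            for (f = 2; f <= NF; f++) {
                if ($f !~ /^Ports: /) continue
                list = substr($f, 8)         # drop the "Ports: " label
                m = split(list, entry, ", ")
                for (j = 1; j <= m; j++) {
                    # entry: port/state/protocol/owner/service/rpcinfo/version/
                    split(entry[j], p, "/")
                    key = p[1] "/" p[3]
                    # closed and filtered ports are not reachable services
                    if (p[2] == "open" && !(key in ok))
                        print h[2], key, (p[5] == "" ? "unknown" : p[5])
                }
            }
        }
    '
}

# Constructed sample in grepable format; not the result of a real scan.
sample_scan() {
    printf 'Host: 192.0.2.10 ()\tStatus: Up\n'
    printf 'Host: 192.0.2.10 ()\tPorts: 22/open/tcp//ssh///, 80/open/tcp//http///, 111/open/tcp//rpcbind///, 443/closed/tcp//https///, 631/filtered/tcp//ipp///\tIgnored State: closed (995)\n'
}

# With only ssh and http allowed, rpcbind on port 111 is reported.
sample_scan | unexpected_open_ports "22/tcp,80/tcp"
```

An empty result means every open port seen from outside is one you intended to expose.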