From: John Holden
Date: Sun, 13 Nov 2005 15:55:03 -0500
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Re: Detecting local host firewall
Message-ID: <4377A827.2070201@users.sourceforge.net>
In-Reply-To: <437796BF.2080507@cs.pdx.edu>

btv@cs.pdx.edu wrote:
> Harry Putnam wrote:
>
>> Frank.Pikelner@blue-dot.ca wrote:
>>
>>> Is there a way to detect programmatically whether the local host has
>>> a firewall enabled?
>>
>> nmap can return enough information to surmise that. It may even be
>> able to tell you straight out. I'm not that familiar with all its
>> switches.
>>
>> Running nmap -v -P0 host will give you enough to make a good guess.
>>
>> So maybe parsing nmap output can be done programmatically.
>>
> There is... in the August issue of SysAdmin, there was an article on
> how to write a PERL frontend for NMAP... it was pretty cool and pretty
> easy (for the simple stuff). The article name is "Vulnerability
> Assessments with NMAP & Nessus".
>
> I know the code you can find online, and maybe by now you can find the
> article itself.
>
> bryce
>

If you're familiar with Perl these modules should provide all the
functions you need:
http://search.cpan.org/search?query=nmap&mode=all

To determine whether a host is firewalled or not, you'll probably want
to take a look at the "extraports", meaning ports that weren't
listening. Generally speaking, when a firewall is running, nmap finds
that these ports are "filtered", and when no firewall is in use, these
extraports are in state "closed."

If you're not into Perl, you can just grab the output of an Nmap scan in
your favorite programming language and look at whether the extra ports
are filtered or closed.

As a side note, you may want to make sure you're scanning the machine's
external IP address and not "localhost", as some software uses TCP ports
(bound only to the loopback address) for interprocess communication.

- John
--
gentoo-user@gentoo.org mailing list
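The check described in the message above, as an added Python example that is not part of the original post or of any Nmap module: it reads Nmap's XML output (`-oX`), tallies "extraports" and individually listed ports by state, and flags loopback targets. The sample XML is constructed, and the simple filtered-versus-closed majority rule and the name `classify_hosts` are assumptions of this example.

```python
import ipaddress
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample shaped like `nmap -oX` output (not a real scan).
SAMPLE_XML = """<nmaprun>
<host><address addr="192.0.2.10" addrtype="ipv4"/>
<ports><extraports state="filtered" count="997"/>
<port protocol="tcp" portid="22"><state state="open"/></port>
<port protocol="tcp" portid="113"><state state="closed"/></port>
</ports></host>
<host><address addr="192.0.2.20" addrtype="ipv4"/>
<ports><extraports state="closed" count="999"/>
<port protocol="tcp" portid="22"><state state="open"/></port>
</ports></host>
<host><address addr="127.0.0.1" addrtype="ipv4"/>
<ports><extraports state="closed" count="999"/>
<port protocol="tcp" portid="6010"><state state="open"/></port>
</ports></host>
</nmaprun>"""

def classify_hosts(xml_text):
    """Map each scanned address to (verdict, port count per state)."""
    results = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr = host.find("address").get("addr")  # first address element
        states = Counter()
        # Ports nmap summarises instead of listing: the "extraports".
        for extra in host.iter("extraports"):
            states[extra.get("state")] += int(extra.get("count", "0"))
        # Ports listed individually.
        for port in host.iter("port"):
            states[port.find("state").get("state")] += 1
        if ipaddress.ip_address(addr).is_loopback:
            # The message advises scanning the external IP, not localhost.
            verdict = "loopback: rescan the external address"
        elif states["filtered"] + states["closed"] == 0:
            verdict = "inconclusive"
        elif states["filtered"] > states["closed"]:
            verdict = "likely firewalled"
        else:
            verdict = "likely not firewalled"
        results[addr] = (verdict, dict(states))
    return results

if __name__ == "__main__":
    for addr, (verdict, states) in classify_hosts(SAMPLE_XML).items():
        print(f"{addr}: {verdict} {states}")
```

To use it on a real scan of your own host, pass the contents of a file written with `nmap -oX` in place of `SAMPLE_XML`.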