public inbox for gentoo-user@lists.gentoo.org
* [gentoo-user] Detecting local host firewall
@ 2005-11-13 16:38 Frank.Pikelner
  2005-11-13 19:06 ` [gentoo-user] " Harry Putnam
  2005-11-13 22:31 ` [gentoo-user] " Sascha Lucas
  0 siblings, 2 replies; 6+ messages in thread
From: Frank.Pikelner @ 2005-11-13 16:38 UTC (permalink / raw
  To: gentoo-user

Is there a way to detect programmatically whether the local host has a
firewall enabled?

 

Thank you,

 

Frank






* Re: [gentoo-user]  Re: Detecting local host firewall
  2005-11-13 19:06 ` [gentoo-user] " Harry Putnam
@ 2005-11-13 18:24   ` Arturo 'Buanzo' Busleiman
  2005-11-13 19:40   ` Bryce Verdier
  1 sibling, 0 replies; 6+ messages in thread
From: Arturo 'Buanzo' Busleiman @ 2005-11-13 18:24 UTC (permalink / raw
  To: gentoo-user

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Harry Putnam wrote:
> So maybe parsing nmap output can be done programmatically.

Nmap supports different "-o" (output) formats, including xml, and "machine-parseable". Good enough
to be fed into awk or whatever.

- --
Arturo "Buanzo" Busleiman - www.buanzo.com.ar
Information Security Consultant / Dominio Digital TV - Da FOSS man!
KTP Consultores - info AT ktpconsultores.com.ar

Breaking a security system brings them as close to being hackers as
hot-wiring cars turns them into automotive engineers.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFDd4TIAlpOsGhXcE0RAtA9AJ4q3/Imc2CW70MHh1skv3gwgDqBCQCfXHOj
bd/Tk5fNTw7McDmXbgO7978=
=9MH8
-----END PGP SIGNATURE-----
-- 
gentoo-user@gentoo.org mailing list




* [gentoo-user]  Re: Detecting local host firewall
  2005-11-13 16:38 [gentoo-user] Detecting local host firewall Frank.Pikelner
@ 2005-11-13 19:06 ` Harry Putnam
  2005-11-13 18:24   ` Arturo 'Buanzo' Busleiman
  2005-11-13 19:40   ` Bryce Verdier
  2005-11-13 22:31 ` [gentoo-user] " Sascha Lucas
  1 sibling, 2 replies; 6+ messages in thread
From: Harry Putnam @ 2005-11-13 19:06 UTC (permalink / raw
  To: gentoo-user

Frank.Pikelner@blue-dot.ca wrote:
> Is there a way to detect programmatically whether the local host has a 
> firewall enabled?

nmap can return enough information to surmise that.  It may even be able 
to tell you straight out.  I'm not that familiar with all its switches.

Running nmap -v -P0 host  will give you enough to make a good guess.

So maybe parsing nmap output can be done programmatically.


* Re: [gentoo-user]  Re: Detecting local host firewall
  2005-11-13 19:06 ` [gentoo-user] " Harry Putnam
  2005-11-13 18:24   ` Arturo 'Buanzo' Busleiman
@ 2005-11-13 19:40   ` Bryce Verdier
  2005-11-13 20:55     ` John Holden
  1 sibling, 1 reply; 6+ messages in thread
From: Bryce Verdier @ 2005-11-13 19:40 UTC (permalink / raw
  To: gentoo-user

Harry Putnam wrote:

> Frank.Pikelner@blue-dot.ca wrote:
>
>> Is there a way to detect programmatically whether the local host has 
>> a firewall enabled?
>
>
> nmap can return enough information to surmise that.  It may even be 
> able to tell you straight out.  I'm not that familiar with all its 
> switches.
>
> Running nmap -v -P0 host  will give you enough to make a good guess.
>
> So maybe parsing nmap output can be done programmatically.
>
There is... in the August issue of SysAdmin, there was an article on how 
to write a PERL frontend for NMAP... it was pretty cool and pretty easy 
(for the simple stuff). The article name is "Vulnerability Assessments 
with NMAP & Nessus".

I know the code you can find online, and maybe by now you can find the 
article itself.

bryce



* Re: [gentoo-user]  Re: Detecting local host firewall
  2005-11-13 19:40   ` Bryce Verdier
@ 2005-11-13 20:55     ` John Holden
  0 siblings, 0 replies; 6+ messages in thread
From: John Holden @ 2005-11-13 20:55 UTC (permalink / raw
  To: gentoo-user

btv@cs.pdx.edu wrote:

> Harry Putnam wrote:
>
>> Frank.Pikelner@blue-dot.ca wrote:
>>
>>> Is there a way to detect programmatically whether the local host has 
>>> a firewall enabled?
>>
>>
>>
>> nmap can return enough information to surmise that.  It may even be 
>> able to tell you straight out.  I'm not that familiar with all its 
>> switches.
>>
>> Running nmap -v -P0 host  will give you enough to make a good guess.
>>
>> So maybe parsing nmap output can be done programmatically.
>>
> There is... in the August issue of SysAdmin, there was an article on 
> how to write a PERL frontend for NMAP... it was pretty cool and pretty 
> easy (for the simple stuff). The article name is "Vulnerability 
> Assessments with NMAP & Nessus".
>
> I know the code you can find online, and maybe by now you can find the 
> article itself.
>
> bryce
>
>
If you're familiar with Perl these modules should provide all the 
functions you need: http://search.cpan.org/search?query=nmap&mode=all
To determine whether a host is firewalled or not, you'll probably want 
to take a look at the "extraports", meaning ports that weren't 
listening.  Generally speaking, when a firewall is running, nmap finds 
that these ports are "filtered", and when no firewall is in use, these 
extraports are in state "closed."

If you're not into Perl, you can just grab the output of an Nmap scan in 
your favorite programming language and look at whether the extra ports 
are filtered or closed.

As a side note, you may want to make sure you're scanning the machine's 
external IP address and not "localhost", as some software uses TCP ports 
(bound only to the loopback address) for interprocess communication.

 - John
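
The extraports heuristic described in the message above, applied to nmap's XML output (-oX). This is an added example, not code from the thread; the XML is a constructed sample trimmed to the elements used, the addresses are documentation-range placeholders, and the verdict labels are hypothetical names.

```python
import xml.etree.ElementTree as ET

# Constructed sample in the shape of `nmap -oX` output (not a real scan).
SAMPLE_XML = """<nmaprun scanner="nmap">
  <host>
    <address addr="192.0.2.10" addrtype="ipv4"/>
    <ports>
      <extraports state="filtered" count="997"/>
      <port protocol="tcp" portid="22"><state state="open"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.11" addrtype="ipv4"/>
    <ports>
      <extraports state="closed" count="998"/>
      <port protocol="tcp" portid="80"><state state="open"/></port>
    </ports>
  </host>
  <host>
    <address addr="192.0.2.12" addrtype="ipv4"/>
    <ports>
      <port protocol="tcp" portid="22"><state state="open"/></port>
    </ports>
  </host>
</nmaprun>"""


def classify_hosts(xml_text):
    """Return {address: verdict} from filtered vs. closed port counts."""
    verdicts = {}
    for host in ET.fromstring(xml_text).iter("host"):
        addr_el = host.find("address")
        addr = addr_el.get("addr") if addr_el is not None else "unknown"
        counts = {"filtered": 0, "closed": 0}
        # <extraports> summarises the ports nmap did not list one by one.
        for extra in host.findall("ports/extraports"):
            state = extra.get("state")
            if state in counts:
                counts[state] += int(extra.get("count", "0"))
        # Small scans list every port individually, so count those as well.
        for st in host.findall("ports/port/state"):
            if st.get("state") in counts:
                counts[st.get("state")] += 1
        if counts["filtered"] > counts["closed"]:
            verdicts[addr] = "likely firewalled"
        elif counts["closed"] > counts["filtered"]:
            verdicts[addr] = "likely unfiltered"
        else:
            verdicts[addr] = "inconclusive"  # no closed/filtered evidence
    return verdicts
```
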

* Re: [gentoo-user] Detecting local host firewall
  2005-11-13 16:38 [gentoo-user] Detecting local host firewall Frank.Pikelner
  2005-11-13 19:06 ` [gentoo-user] " Harry Putnam
@ 2005-11-13 22:31 ` Sascha Lucas
  1 sibling, 0 replies; 6+ messages in thread
From: Sascha Lucas @ 2005-11-13 22:31 UTC (permalink / raw
  To: gentoo-user

> Is there a way to detect programmatically whether the local host has a
> firewall enabled?

as root: iptables -vnL

as user you may look at some files. They are indicators... interpret 
them. I don't know how to get the rule set.

$ test -d /proc/sys/net/ipv4/netfilter

get info from /proc/sys/net/ipv4/netfilter/* and /proc/net/ip_*

look for logs
$ dmesg | grep 'IN=.*OUT=.*SRC=.*DST=.*'

gentoo specific:
$ /etc/init.d/iptables status
$ test -s /var/lib/iptables/rules-save

Sascha.
