Re: [SLUG] System security

From: Paul M Foster (paulf@quillandmouse.com)
Date: Tue May 15 2001 - 22:16:15 EDT


On Tue, May 15, 2001 at 06:02:10PM -0400, Derek Glidden wrote:

<snip>

> Of course, to effectively use nmap or
> nessus, you need an offsite system from which to run the scans, which
> makes it a little less convenient for people with home DSL connections
> just trying to check their security.

Aside from ipchains/firewall rules, it appears to me that servers don't
really make a distinction between LAN and internet when it comes to
ports and services. For example, if you run sendmail on your firewall
(ignoring firewall rules again), your firewall server doesn't really
know/care whether port 25 packets come from the LAN or the internet.
Correct me if I'm wrong here.

But if that's the case, would it be worthwhile to run nmap and the
others from inside your LAN, pointed at your firewall?

The reason I ask is because I have one of those "inconvenient" home DSL
connections.

Paul
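
Added example, not part of the original message: a small Python sketch of the point about bind addresses, which lists listening TCP sockets in Linux `/proc/net/tcp` format and shows which ports answer at a given firewall address when packet-filter rules are ignored. The sample table, the addresses `192.168.1.1` and `203.0.113.7`, and the function names are constructed for illustration; the address decoding assumes a little-endian host.

```python
import socket
import struct

TCP_LISTEN = 0x0A  # socket state code for LISTEN in /proc/net/tcp

# Constructed sample in /proc/net/tcp format (not captured from a real host).
SAMPLE_PROC_NET_TCP = """\
  sl  local_address rem_address   st tx_queue rx_queue tr tm->when retrnsmt   uid  timeout inode
   0: 00000000:0019 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1001 1
   1: 0100007F:0277 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1002 1
   2: 0101A8C0:0016 00000000:0000 0A 00000000:00000000 00:00000000 00000000     0        0 1003 1
   3: 0101A8C0:0016 0501A8C0:C350 01 00000000:00000000 00:00000000 00000000     0        0 1004 1
"""

def parse_listeners(text):
    """Return [(bind_ip, port)] for every socket in LISTEN state."""
    listeners = []
    for line in text.splitlines()[1:]:          # skip the header row
        fields = line.split()
        if len(fields) < 4 or int(fields[3], 16) != TCP_LISTEN:
            continue                            # established etc. are not listeners
        hex_ip, hex_port = fields[1].split(":")
        # The kernel prints the IPv4 address as a host-order hex word
        # (little-endian assumed here), so 0100007F is 127.0.0.1.
        ip = socket.inet_ntoa(struct.pack("<I", int(hex_ip, 16)))
        listeners.append((ip, int(hex_port, 16)))
    return listeners

def reachable_at(listeners, dest_ip):
    """Ports that accept a connection addressed to dest_ip, ignoring
    ipchains/firewall rules. A wildcard bind (0.0.0.0) answers on every
    local address; a specific bind answers only on that address."""
    return sorted(port for ip, port in listeners
                  if ip == "0.0.0.0" or ip == dest_ip)

if __name__ == "__main__":
    found = parse_listeners(SAMPLE_PROC_NET_TCP)
    for ip, port in found:
        print("listening: %s:%d" % (ip, port))
    # Hypothetical firewall addresses: LAN side, then internet side.
    print("LAN side 192.168.1.1:", reachable_at(found, "192.168.1.1"))
    print("WAN side 203.0.113.7:", reachable_at(found, "203.0.113.7"))
```

On a live Linux host, pass the contents of `/proc/net/tcp` to `parse_listeners` instead of the sample; any difference between the two lists that remains after that comes from the packet-filter rules, which this sketch does not model.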


