1 |
btv@××××××.edu wrote: |
2 |
|
3 |
> Harry Putnam wrote: |
4 |
> |
5 |
>> Frank.Pikelner@××××××××.ca wrote: |
6 |
>> |
7 |
>>> Is there a way to detect programmatically whether the local host has |
8 |
>>> a firewall enabled? |
9 |
>> |
10 |
>> |
11 |
>> |
12 |
>> nmap can return enough informatin to surmize that. It may even be |
13 |
>> able to tell you straight out. I'm not that familiar with all its |
14 |
>> switches. |
15 |
>> |
16 |
>> Running nmap -v -P0 host will give you enough to make a good guess. |
17 |
>> |
18 |
>> So maybe parsing nmap output can be done programmatically. |
19 |
>> |
20 |
> There is... in the August issue of SysAdmin, there was an article on |
21 |
> how to write a PERL frontend for NMAP... it was pretty cool and pretty |
22 |
> easy (for the simple stuff). The article name is "Vulnerability |
23 |
> Assessments with NMAP & Nessus". |
24 |
> |
25 |
> I know the code you can find online, and maybe by now you can find the |
26 |
> article itself. |
27 |
> |
28 |
> bryce |
29 |
> |
30 |
> |
31 |
If you're familiar with Perl these modules should provide all the |
32 |
functions you need: http://search.cpan.org/search?query=nmap&mode=all |
33 |
To determine whether a host is firewalled or not, you'll probably want |
34 |
to take a look at the "extraports", meaning ports that weren't |
35 |
listening. Generally speaking, when a firewall is runnings, nmap finds |
36 |
that these ports are "filtered", and when no firewall is in use, these |
37 |
extraports are in state "closed." |
38 |
|
39 |
If you're not into Perl, you can just grab the output of an Nmap scan in |
40 |
your favorite programming language and look at whether the extra ports |
41 |
are filtered or closed. |
42 |
|
43 |
As a side note, you may want to make sure you're scanning the machines |
44 |
external IP address and not "localhost", as some software uses TCP ports |
45 |
(bound only to the loopback address) for interprocess communication. |
46 |
|
47 |
- John |
48 |
-- |
49 |
gentoo-user@g.o mailing list |