11.6 Checking Your Security by Using Nmap

Many users have misconfigured firewalls such that they are all but useless in defending against attacks. You can determine the state of your firewall by using the same tool attackers use to find its weaknesses, Nmap. To install Nmap, use the Package Management Tool to install the System Tools package group, and the extra package nmap.

Unfortunately, Nmap doesn't have a place on the GNOME or KDE menus. Instead, you use Nmap by issuing shell commands from a terminal window.

Nmap has enough features to be the topic of a book. You can learn more about Nmap from its author's web site, http://www.insecure.org/. A basic use of Nmap involves configuring it to send TCP or UDP probes to a range of ports on a specified system. The target system's responses reveal whether it has services listening on the scanned ports. With a TCP connect scan, a port is reported open when a service accepts the connection. With a UDP scan, a port that answers with an ICMP "port unreachable" message is closed, and a port that stays silent is reported open; UDP results are therefore less certain, and a firewall that silently drops probes can make UDP ports look open when nothing is listening.

To scan your system, open a terminal window, become the root user (the UDP scan requires root privileges), and issue a command having the form:

# nmap -sT -sU -p 1-1023 xxx.xxx.xxx.xxx

where xxx.xxx.xxx.xxx is the IP address of your system. The -sT option requests a TCP connect scan, -sU a UDP scan, and -p 1-1023 restricts both to the well-known ports. After a few seconds (longer if many UDP ports must time out), Nmap reports the ports on which services are listening:

Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.83.131):
(The 2042 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
68/udp     open        dhcpclient
80/tcp     open        http
123/udp    open        ntp

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds

A scan run on the host itself travels over the loopback interface, which most firewall rule sets trust, so some ports listed in Nmap's report may not be reachable from the network, and ports the firewall blocks for everyone else can appear open. Therefore, to accurately determine the state of a system as an attacker would see it, you must scan it remotely, from another host on your network. If a remote scan of your system discloses unexpected open ports, you should check your firewall and service configurations to determine whether anything is amiss.

Open ports above port 1023 that come and go with successive scans are not generally cause for concern. Usually they belong to services that bind a dynamic port each time they start, such as RPC-based daemons, rather than a fixed, well-known port; a connect scan reports a port open only when something accepts a connection on it, so a port merely in use by an outbound connection does not show up. However, a new high-numbered listener can also be an early indication of a Trojan horse or backdoor installed by an attacker, since such programs commonly listen on high ports. It's good practice to scan your hosts after you configure them and keep the report, so that you can later distinguish normal from abnormal behavior by comparing a fresh scan against that baseline.
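The baseline comparison described above, as an added example that is not part of the book: a small POSIX shell script that extracts the open ports from an Nmap report and lists any listener present in a later report but absent from the baseline. The two reports embedded in it are constructed samples in the "Port State Service" layout shown in the text; the extra 31337/tcp entry in the later report, and its service name, are chosen for illustration only.

```shell
#!/bin/sh
# Added example (not from the book): keep the first Nmap report as a baseline and
# flag listeners that appear in later scans of the same host.

# Constructed sample: the report shown in the text, saved right after configuring the host.
BASELINE_SCAN='Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.83.131):
(The 2042 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
68/udp     open        dhcpclient
80/tcp     open        http
123/udp    open        ntp

Nmap run completed -- 1 IP address (1 host up) scanned in 5 seconds'

# Constructed sample: a later scan of the same host over all ports (-p 1-65535),
# showing one extra TCP listener. Port and service name are illustrative.
LATER_SCAN='Starting nmap V. 3.00 ( www.insecure.org/nmap/ )
Interesting ports on  (192.168.83.131):
(The 131065 ports scanned but not shown below are in state: closed)
Port       State       Service
22/tcp     open        ssh
68/udp     open        dhcpclient
80/tcp     open        http
123/udp    open        ntp
31337/tcp  open        Elite

Nmap run completed -- 1 IP address (1 host up) scanned in 2205 seconds'

# Print the ports a report lists as open, one "port/proto" per line, in a stable
# order (tcp before udp, numerically within each protocol). The banner, the
# "closed" summary line and the column header are skipped because their second
# field is not the word "open".
open_ports() {
    printf '%s\n' "$1" |
        awk '$2 == "open" && $1 ~ /^[0-9]+\/(tcp|udp)$/ { print $1 }' |
        sort -t/ -k2,2 -k1,1n
}

# Print the ports open in the later report ($2) that were not open in the
# baseline ($1). An empty result means no new listeners; the exit status is 0
# either way so the function is safe under "set -e".
new_listeners() {
    baseline_tmp=$(mktemp)
    open_ports "$1" > "$baseline_tmp"
    # -x: whole-line match, -F: literal strings, -v: keep lines NOT in the baseline
    open_ports "$2" | grep -vxF -f "$baseline_tmp" || true
    rm -f "$baseline_tmp"
}

# Demonstration on the constructed samples.
echo "Baseline open ports:"
open_ports "$BASELINE_SCAN"
echo "New listeners in the later scan:"
new_listeners "$BASELINE_SCAN" "$LATER_SCAN"
```

In practice you would save the first report once (for example `nmap -sT -sU -p 1-1023 192.168.83.131 > baseline.txt`, run as root from another host on your network) and later call `new_listeners "$(cat baseline.txt)" "$(cat today.txt)"` on each fresh scan. The match on the literal state word `open` is deliberate: newer Nmap versions report silent UDP ports as `open|filtered`, and those are excluded rather than treated as listeners.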

Don't scan someone else's system without permission. In some jurisdictions, it's a crime to do so. Even when scanning is legal, it may violate your ISP's terms of use. And, even if your ISP doesn't object, the scanned host's administrator may believe that the host is under attack, diverting his or her attention from other business. So, it's best to scan only systems on your local network, under your direct administrative control.