[c-nsp] Nmap (way OT)

Kern, Tom tkern at CHARMER.COM
Wed May 4 16:01:13 EDT 2005


That's just a generic explanation of proxy ARP. It doesn't explain how the WG implementation would "break" nmap.
If proxy ARP was causing this then I couldn't use nmap behind a Cisco router, which isn't the case.
Just replying on a device's behalf with its own MAC address shouldn't produce the effect of nmap thinking it was scanning the replying or proxy-ARPing device.
According to WG, it just forwards the packets on to the destination device without rewriting anything in the packet.
Also, this never occurred with the FB III model, which did proxy ARP as well in drop-in mode.
I think there is something else going on.
Thanks for all your help.



nevot wrote:
> Then the router is not directly connected, and if the router is in the
> same subnet (IP level) as the hosts, proxy ARP is working, AFAIK.
> http://www.watchguard.com/glossary/p.asp?s=print (look for proxy arp)
> 
> I'm sure you'll find more documentation on WatchGuard's website.
> 
> 2005/5/4, Kern, Tom <tkern at charmer.com>:
>> The internet router is connected via a crossover cable to the "external"
>> int of the WatchGuard. The "trusted" int of the WG is connected to
>> a Cisco Cat 4500 switch. The host I'm nmapping from is connected to
>> the same switch.
>> 
>> I'm not sure how proxy ARP would affect this. Most Cisco routers do
>> proxy ARP by default, which means I would be experiencing the same
>> thing without a WG.
>> 
>> Thanks
>> 
>> 
>> nevot wrote:
>>> Probably you are using your WatchGuard to do ARP proxy for your
>>> router, that is, in the 'inside' part of your network, all ARP
>>> requests for the IP of your router are responded to by the WatchGuard,
>>> and your router is in an 'outside' part. Can you describe the
>>> physical connections and the IPs on your network?
>>> 
>>> 2005/5/4, Kern, Tom <tkern at charmer.com>:
>>>> As you write, nmap works on a variety of ports and protocols, so an
>>>> HTTP proxy would just see HTTP headers and traffic, not the
>>>> SMTP, FTP, LDAP, etc. ports nmap is working on, so I don't think that
>>>> would be the case. And also, I probably should have said this first:
>>>> the WatchGuard I'm running is NOT running an HTTP proxy. It's only
>>>> running an incoming SMTP proxy rule.
>>>> All the rest are stateful packet filters.
>>>> 
>>>> Thanks
>>>> --------------------------
>>>> Sent from my BlackBerry Wireless Handheld (www.BlackBerry.net)
>>>> 
>>>> 
>>>> _______________________________________________
>>>> cisco-nsp mailing list  cisco-nsp at puck.nether.net
>>>> https://puck.nether.net/mailman/listinfo/cisco-nsp
>>>> archive at http://puck.nether.net/pipermail/cisco-nsp/
>>>> 
>>> 
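A quick way to check from the trusted side whether some device is answering ARP on the router's behalf (the situation nevot describes above) is to read the scanning host's ARP table and look for one MAC that answers for more than one IP, or for the router's IP resolving to the firewall's own interface MAC. The script below is an added example, not code from the thread; the `arp -an` output, IPs and MACs in it are constructed.

```python
import re
from collections import defaultdict

# Constructed sample of Linux "arp -an" output (not captured from the thread).
# 10.0.0.1 is the "router" IP; the same MAC also answers for 10.0.0.2,
# which is what a drop-in firewall proxy-ARPing for the router looks like.
SAMPLE_ARP = """\
? (10.0.0.1) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.0.2) at 00:11:22:33:44:01 [ether] on eth0
? (10.0.0.9) at <incomplete> on eth0
? (10.0.0.50) at 00:0c:29:11:22:33 [ether] on eth0
? (10.0.0.51) at 00:50:56:44:55:66 [ether] on eth0
"""

# Matches "(ip) at mac"; lines with "<incomplete>" are skipped on purpose.
ARP_LINE = re.compile(
    r"\((?P<ip>\d{1,3}(?:\.\d{1,3}){3})\) at (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})",
    re.IGNORECASE,
)


def parse_arp_table(text):
    """Return {ip: mac} from arp -an output, ignoring incomplete entries."""
    entries = {}
    for line in text.splitlines():
        m = ARP_LINE.search(line)
        if m:
            entries[m.group("ip")] = m.group("mac").lower()
    return entries


def shared_macs(entries):
    """Return {mac: [ips]} for every MAC that answers for more than one IP.

    A single MAC behind several IPs is the classic proxy-ARP signature; a
    gateway or firewall answering for hosts it fronts will show up here.
    """
    by_mac = defaultdict(list)
    for ip, mac in entries.items():
        by_mac[mac].append(ip)
    return {mac: sorted(ips) for mac, ips in by_mac.items() if len(ips) > 1}


def answered_by(entries, target_ip, device_mac):
    """True if target_ip resolves to device_mac, i.e. that device answers ARP for it."""
    return entries.get(target_ip) == device_mac.lower()


if __name__ == "__main__":
    table = parse_arp_table(SAMPLE_ARP)
    print("MACs answering for multiple IPs:", shared_macs(table))
    print("router proxied by firewall MAC:", answered_by(table, "10.0.0.1", "00:11:22:33:44:01"))
```

If the router's IP comes back with the firewall's trusted-interface MAC, nmap's per-host MAC and vendor fields will describe the firewall rather than the router, which is the symptom the thread is discussing.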



