HPE Community
Operating System - HP-UX
1820307 Members
2474 Online
109622 Solutions
New Discussion юеВ

Re: How to find out the Firewall has open ports.

 
Amruth
Regular Advisor

тАО01-12-2005 12:17 PM

тАО01-12-2005 12:17 PM

How to find out the Firewall has open ports.

All,

I have a server in our diaster recovery site and need to install a security related software on that. The Management station for the security software is on other side of a firewall.

how can i confirm from my disaster recovery server that firewall ports are open so that the managment station can talk the client continuously to get the alerts.

lets assume the ports are 1001 and 1300

Any suggestion is accepted.

Tx,
AM

If i am doing the same way you are doing to me then what is the difference between us.
0 Kudos
Reply
8 REPLIES 8
Biswajit Tripathy
Honored Contributor

тАО01-12-2005 12:26 PM

тАО01-12-2005 12:26 PM

Re: How to find out the Firewall has open ports.

Try to do a telnet to the above ports from outside
firewall to see if it's blocked:

$ telnet management_station_IP_address 1001/tcp

The above command will timeout if the port is blocked
(or return immediately with "connection denied" if
firewall is configured to send back a RST). If the
port is open, you would get a message
like "Connected to "

- Biswajit
:-)
0 Kudos
Reply
Ionut Grigorescu_2
Super Advisor

тАО01-13-2005 09:44 PM

тАО01-13-2005 09:44 PM

Re: How to find out the Firewall has open ports.

Hi,

you can use nmap, is a very good port scaner:
http://www.insecure.org/nmap/nmap_download.html

have fun...
If it weren't for STRESS I'd have no energy at all
0 Kudos
Reply
Bill Hassell
Honored Contributor

тАО01-14-2005 01:08 AM

тАО01-14-2005 01:08 AM

Re: How to find out the Firewall has open ports.

This is not simple to answer. While a network administrator would say the port is open or closed, behind this answwer are options such as one-way versus two-way, port open only to specific IP addresses either inside or outside or both, port closed to IP addresses without a valid DNS value, ports open to specific MAC addresses, etc. telnet can connect on any port (telnet remote_host 1001 but it will likely not return anything useful except that the port was closed. It cannot tell you if it was closed by the remote host or the firewall.

You need to talk to your firewall administrator. Since this is managing security software, the port must be locked down very tight to prevent intrusion--you don't want it fully opened.


Bill Hassell, sysadmin
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

тАО01-14-2005 01:14 AM

тАО01-14-2005 01:14 AM

Re: How to find out the Firewall has open ports.

You should check with management before you start running port scans.

There are a number of good websites that will probe your firewall for you, however some organizations require permission prior to doing such things.

Some of these sites can dirupt your organizations's Internet access.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
Jeff Schussele
Honored Contributor

тАО01-14-2005 01:32 AM

тАО01-14-2005 01:32 AM

Re: How to find out the Firewall has open ports.

Hi,

I have to agree with Bill.
There are far too may reasons why a request to the port could be denied.
The best way to determine port status is to ask the admin of that FW exactly what the status is.

My 2 cents,
Jeff
PERSEVERANCE -- Remember, whatever does not kill you only makes you stronger!
0 Kudos
Reply
Ralph Grothe
Honored Contributor

тАО01-14-2005 01:35 AM

тАО01-14-2005 01:35 AM

Re: How to find out the Firewall has open ports.

True, taking also into account that a firewall can as well just open up certain ports on receiving a specific pattern via port knocking makes it even more difficult.
Although most times you don't need this sophistication.
First talk to your firewalls' admins, and ask them if the port you require is open.
They have logs to look at and trace your passing attempts.
Generally nmap is quite a good tool.
It even provides various "stealth" scanning strategies to trick some firewalls and can do operating system detection (most of the times)
Because occasionally communication to our or unknown firewall admins is somewhat impaired, or because we lack time for,
nmap has proven very valuable to us.
Madness, thy name is system administration
0 Kudos
Reply
Emanuele De Angelis
Frequent Advisor

тАО01-14-2005 01:39 AM

тАО01-14-2005 01:39 AM

Re: How to find out the Firewall has open ports.

Try nessus.
Nessus is a security scanner.
Bye
0 Kudos
Reply
Amruth
Regular Advisor

тАО01-14-2005 04:41 AM

тАО01-14-2005 04:41 AM

Re: How to find out the Firewall has open ports.

Thanks to all.

The security here is very tight.

I am in touch with the Network floks to help me.

regards,
AM
If i am doing the same way you are doing to me then what is the difference between us.
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.