Internal NMap Scans

Follow

Anakin Skywalker

• March 18, 2023 17:47

Hi Guys,

I read somewhere that nmap scans on an internal network can sometimes end "badly" for some routers (making them hang, bricking, and so forth).  It has been quite a while, and I cannot find any thing current to back this up.  I just want to be sure about how the Firewalla will react.  I would assume that it would light up a great deal of alarms, and the NIDS/NIPS would take over.  Are there any types of scans I should avoid?  Thanks!

Mongo

0

• 

  Firewalla

  • March 19, 2023 02:51

  Firewalla itself should just alarm ... if there is a scan. But I do know some windows antivirus will block the router if the firewalla scan (LAN scan) is on. 

  0

  Comment actions Permalink
• 

  Anakin Skywalker

  • March 19, 2023 14:57

  Thanks!

  0

  Comment actions Permalink
• 

  Anakin Skywalker

  • April 30, 2023 01:26

  Well, I finally got around to running an internal scan of my main subnet (good thing too, as a Norton software upgrade exposed several ports internally).  Actually, I ran several such scans when trying to troubleshoot.  All of the host-based firewalls lit up as expected when being hit by a "cyber-firestorm," but Firewalla did not give a single alert.  I have the cyber-incident alerts turned on.  Is there some setting I am missing, or is my understanding of the IDS/IPS all wet and a regular scan is not sufficient to trigger anything in the first place?  If so, how can I test the internal IDS/IPS?  Thanks!

  0

  Comment actions Permalink
• 

  Firewalla

  • April 30, 2023 01:29

  If you are doing a same LAN-to-same LAN scan, traffic don't go through firewalla ... so there is no way any firewall or router will see that. 

  0

  Comment actions Permalink
• 

  Anakin Skywalker

  • April 30, 2023 01:51

  Got it.  I have so much to learn... Thank you for your patience!

  0

  Comment actions Permalink

Please sign in to leave a comment.