Linux Server Nmap Security Scanning

Nmap (“Network Mapper”) is a free, open source utility for network exploration and security auditing. It was designed to rapidly scan large networks, but it also works fine against a single host. Nmap uses raw IP packets in novel ways to determine what hosts are available on the network, what services (application name and version) they are offering, what operating system (and OS version) they are running, what type of packet filters/firewalls are in use, and dozens of other characteristics.

Nmap is available for many operating systems, including Red Hat Linux, Debian Linux, Gentoo, FreeBSD and OpenBSD.

Download Nmap:

You can download the latest source of Nmap at:

http://www.insecure.org/nmap/index.html

Installation of Nmap:

x86 (PC) users can install the latest version of Nmap in seconds with the following simple Linux command:

rpm -vhU http://download.insecure.org/nmap/dist/nmap-3.50-1.i386.rpm

Security Scanning:

Nmap will tell you which ports are open on your computer and are therefore vulnerable to attack. A few scan types (e.g. -sS, -sT, -sU) are the ones most commonly used for security scanning. For a quick port scan, run nmap -sT and nmap -sU separately: -sT is for TCP, and -sU is for UDP.

The following is an example of security scanning using Nmap:

[root@pclinux download]# nmap -sS 192.168.1.3

Starting nmap 3.50 ( http://www.insecure.org/nmap/ )
Interesting ports on 192.168.1.3:
(The 1653 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
1024/tcp  open  kdm
10000/tcp open  snet-sensor-mgmt

Nmap run completed -- 1 IP address (1 host up) scanned in 3.521 seconds

Simple Analysis of Nmap Security Scanning:

Please note that the outcome of the scan depends entirely on what services your server is offering to your clients. Take the scan above as an example. If your server only offers web hosting to your customers, you may consider the following:

  1. Close 1024/tcp (kdm) – not needed on a web server
  2. Close 10000/tcp (snet-sensor-mgmt) – also not needed on a web server
  3. Close 111/tcp (rpcbind) – unless portsentry is installed
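
The same analysis can be automated by comparing each scan of your own server against the ports you intend to offer. The script below is an added example, not part of the original article: the function names are hypothetical, and the allowlist (22, 80 and 443 for a web host) is an assumption, since the list above names only the ports to close.

```shell
#!/bin/sh
# ALLOWED is an assumption: the ports a web-hosting server is meant to expose.
ALLOWED="22/tcp 80/tcp 443/tcp"

# Constructed sample input: the port table from the scan shown above.
sample_scan() {
cat <<'EOF'
Interesting ports on 192.168.1.3:
(The 1653 ports scanned but not shown below are in state: closed)
PORT      STATE SERVICE
22/tcp    open  ssh
80/tcp    open  http
111/tcp   open  rpcbind
443/tcp   open  https
1024/tcp  open  kdm
10000/tcp open  snet-sensor-mgmt
EOF
}

# Read nmap's normal output on stdin and print "port service" for every
# port reported as "open" that is not in $ALLOWED. Header and summary lines
# are skipped because their first field is not <number>/<proto>.
unexpected_ports() {
    awk -v allowed="$ALLOWED" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^[0-9]+\/(tcp|udp)$/ && $2 == "open" && !($1 in ok) { print $1, $3 }
    '
}

# Return 1 (and report on stderr) if anything unexpected is open, so the
# check can be run from cron after each scan.
audit() {
    found=$(unexpected_ports)
    [ -z "$found" ] && return 0
    printf 'Unexpected open ports:\n%s\n' "$found" >&2
    return 1
}

# Demo on the sample; on a real server use: nmap -sS 192.168.1.3 | audit
sample_scan | unexpected_ports
```

On the sample scan this lists 111/tcp, 1024/tcp and 10000/tcp, the three ports flagged in the analysis above.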
