nmap & CIS

I downloaded nmap and as soon as I did, IE griped at it and then CIS. My question:

If I ALLOW this software to run on my PC, will CIS still block it from an outside source using the product? It sounds like a dumb question, but I want to know from the group here if using tools like this on my computer will effectively leave my system vulnerable.

My thought is that I have CIS blocking ICMP packets, I’m on a NAT, and I have WPA on my wireless. I don’t feel like it would cause a problem, but you never know.

I read some posts about nmap being used on CIS 3.0.x and there were some minor issues from what I see. But that was scanning from an external source.

I also use Softperfect as a way to make sure nobody is piggy backing on my wireless net (if there is a better freeware package, post the link. I have Laser Wraith’s list of security software from Gizmo).

What did the alerts say?

Nmap in the hands of hacker is a dangerous program. In the hands of somebody with no ill intentions it is a useful tool to scan one’s local network to see if there are any open ports.

It’s a tool and it is all in the intent of the user of the tool whether it is used for good or for bad.

Just your basic Comodo IS alerts (Allow this program, Create a Time Machine Point) of which I select both. But I always wondered if I allow nmap to run on my computer, by some method unbeknownst to me, someone could use nmap and get into my system. Common sense says no because they would use nmap externally and it would be stopped by CIS (I don’t have ICMP packets enabled so they couldn’t see my network).

I never leave anything unchecked so I wanted a second opinion from the group.

Nmap results strongly rely on receiving packets and interpreting these results.
Interfering CIS/FW can reduce the accuracy of such tools.

I normally allow it for D+ and temp. disable the FW while scanning to prevent strange results.

Nmap should be able to receive all traffic responses it may have caused so blocking anything is directly impacting the results, allowing all isn’t possible as a vast majority of the calls are handled by “system” and you certainly don’t wish to allow that on “any-any” :wink: