Penetration Testing mailing list archives
[PEN-TEST] Disabling WatchGuard scan detection
From: Alex Butcher <alex () S3 INTEGRALIS CO UK>
Date: Wed, 28 Mar 2001 17:38:04 +0100
Hi -

We're working on a vulnerability scan for a customer who's utilizing a WatchGuard firewall (not sure exactly what type); unfortunately, they have enabled the automatic scan detection functionality which drops my scan host into a blackhole for 20+ minutes as soon as I violate one of the firewall policies. :(

We've tried (with help from WatchGuard!) to make the firewall less twitchy on the trigger, but it only seems to have made things worse. We're not a WatchGuard partner, so I'm not much help right now. :C

Anyone got any /concise/ tips on how WatchGuard firewalls should be configured so as to ignore port scans, policy violations and suchlike? Note that I'm not talking about adding a rule that allows my scan host to do *anything*; I just want to be able to assess hosts behind the firewall accurately. Nmap slow (Sneaky) scans got through initially, but the changes that have been made since appear to prevent even that...

Thanks in advance for any help offered,
Alex.

(yes, I *will* be pointing out the DoS potential in the report - "Hi, I'm your ISP's DNS and I'm portscanning you!" *kerchunk* *slam*)

--
Alex Butcher
Consultant, S3 Systems Security Services
PGP: http://www.s3.integralis.co.uk/pgp/alex.pgp
PGP/GnuPG Key IDs: alex@s3 B7709088, alex.butcher@ 885BA6CE