Penetration Testing mailing list archives

Re: [PEN-TEST] Firewalking

From: "Woch, Wojciech" <Woch_W () ADMIRAL FR>
Date: Thu, 8 Mar 2001 11:37:59 +0100

What would be the best way to determine what kind of firewall is
running on a server? Especially one that does not give out any
banners. TCP-fingerprinting is not possible because there are
no obvious open ports.


If it's a Firewall-1 v4.1 and you hit a Reject rule (one that generates a
RST+ACK from the firewall), within the IP header, the ID field will be 0 and
the original TTL set to 59.

Current thread:

[PEN-TEST] Firewalking Pepijn Vissers (Mar 06)
- Re: [PEN-TEST] Firewalking Tom Vandepoel (Mar 06)
- Re: [PEN-TEST] Firewalking Enno Rey (Mar 06)
  - Re: [PEN-TEST] Firewalking Alberto Román (Mar 07)
- Re: [PEN-TEST] Firewalking honoriak (Mar 06)
- Re: [PEN-TEST] Firewalking Ivan Buetler (Mar 07)
- Re: [PEN-TEST] Firewalking Jan Muenther (Mar 07)
  - [PEN-TEST] RES: [PEN-TEST] Firewalking Cristiano Lincoln Mattos (Mar 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Firewalking Woch, Wojciech (Mar 08)