Penetration Testing mailing list archives
Re: Device fingerprinting
From: "The Blueberry" <acr872k () hotmail com>
Date: Tue, 20 Aug 2002 00:38:42 +0000
Hi again all, Since I get many
Do you get any headers from 21,23,25,80,110,119,443,8080?
I will remind you that that ports on the unknown device are exactly the same as on the webserver so I assume that they are forwards. Proper checks of the banners on the device have been done and they are the same as the ones of the corresponding ports on the webserver. The only remaining port that doesn't looks a forward to the webserver is 53. I successfully compromised a low account on the webserver and verified the fact that no nameserver is running on it. So either it is a forward to another box, either it is a daemon on the device itself (eliminates the fact of it being a cisco/firewall?) that is handling the requests. But now, how can I fingerprint the device since all ports are forwards? even on the internal adapter's port 23 I do not see any telltale sign of any way to administer it remotely. Could it be (like one person suggested off the list) a Checkpoint? A fact that goes in this theory is that an account exists on a NT workstation/mailserver (do not remember which) that has a login name of Borderware and a password of CheckPoint. Any insights?
--TB _________________________________________________________________MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Device fingerprinting TB (Aug 19)
- RE: Device fingerprinting Fernando Cardoso (Aug 20)
- Looks like a Borderware firewall (was Re: Device fingerprinting) Javier Fernández-Sanguino Peña (Aug 21)
- <Possible follow-ups>
- Re: Device fingerprinting The Blueberry (Aug 20)