Penetration Testing mailing list archives
RE: SGS 5400 firewalls
From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 13 Mar 2006 09:56:35 -0500
-----Original Message----- Subject: RE: SGS 5400 firewalls
You might want to start by looking for TCP port 2456. This is the SSL web
based management
port. Admin is a good username to start with. Also look for TCP port 22
(i.e. OpenSSH).
Be advised, if the admins are smart, they have added filters to protect
these ports external
connections. The logging is also very good so whatever you try, they
should notice it. By default, SGMI (port 2456) is only accessible via the interface that is designated as the 'Inside' interface as configured via the front panel LED. Additionally, instead of a traditional SSH connection, these firewalls use a proprietary service the vendor calls Secure Remote Login that listens on TCP/423 (not TCP/22). This service relies on both a shared secret for the SRL service as well as valid firewall admin credentials (so 1 user/pass pair, plus a shared secret). It requires a custom client that Symantec provides (a modified TeraTerm Pro) called srlclient8. This service is also only accessible via the 'Inside' interface by default. So if this is an external pen test of the firewall, and you can connect to 2456 (should get SSL challenge for cert signed by internal CA) or TCP/423, these are findings in and of themselves, regardless of whether or not you can actually authenticate and use these services to gain access to the device. PaulM ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- SGS 5400 firewalls e . lewis (Mar 02)
- Re: SGS 5400 firewalls Volker Tanger (Mar 03)
- RE: SGS 5400 firewalls Paul Melson (Mar 03)
- RE: SGS 5400 firewalls Darren Webb (Mar 12)
- RE: SGS 5400 firewalls Paul Melson (Mar 13)
- Re: SGS 5400 firewalls Bernardo Wernesback (Mar 13)
- RE: SGS 5400 firewalls Paul Melson (Mar 14)
- RE: SGS 5400 firewalls Paul Melson (Mar 13)