Penetration Testing mailing list archives
Re: Fingerprinting PIX with nmap
From: "Jamie Riden" <jamie.riden () gmail com>
Date: Wed, 30 Apr 2008 07:59:15 +0100
On 29/04/2008, O.Kamal <okamalo () gmail com> wrote:
I got the following result while using nmap, the scan of port 25 gives the firewall brand, what should be the recommendation to disable that PIX fingerprinting? PORT STATE SERVICE VERSION 25/tcp open smtp Cisco PIX sanatized smtpd I guess disabling the mail guard "fixup smtp" on the pix is not a good idea.
We didn't use to use mailguard but let mail go straight from our MXs to our internal mail server. You might not need mailguard if you're confident in your mail server. Having said that, it won't be a huge surprise to anyone if you're using a PIX so I don't particularly think it's worth *trying* to hide it. (I suspect you can fingerprint PIXs in other ways, but don't have one handy to play with right now.) cheers, Jamie -- Jamie Riden / jamesr () europe com / jamie () honeynet org uk UK Honeynet Project: http://www.ukhoneynet.org/ ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Fingerprinting PIX with nmap O.Kamal (Apr 29)
- RE: Fingerprinting PIX with nmap Paul Melson (Apr 30)
- Re: Fingerprinting PIX with nmap Jamie Riden (Apr 30)