Penetration Testing mailing list archives

Re: [PEN-TEST] Firewalking

From: Enno Rey <erey () IX URZ UNI-HEIDELBERG DE>
Date: Tue, 6 Mar 2001 22:31:37 +0100

Hi,

can you reach systems protected by the fw, e.g. servers in a DMZ?
Try to traceroute those systems (from a windows system, as UDP packets used
by Unix traceroute probably will be blocked) or firewalk them
(www.packetfactory.net/Projects/Firewalk/). Then you'll get packets
generated from the fw itself which you can analyze. Have a look at the
params of those packets e.g. the ttl [unix: 255-(number of hops) vs.
windows: (128-nr. hops)] and others (to be found on paper on ICMP usage for
scanning www.sys-security.com/html/papers.html).

You could also try different DoS which affect different OSs (jolt2,
bubonic.c etc.), though some work only on local subnets and furthermore this
may outside the scope of your test ;-))

Regards,

Enno Rey

erey () security-academy de --- www.security-academy.de
PGP 74C0 C7E1 3875 E4EB 9B75  8B9D 5E2D 3178 685B F222

Current thread:

[PEN-TEST] Firewalking Pepijn Vissers (Mar 06)
- Re: [PEN-TEST] Firewalking Tom Vandepoel (Mar 06)
- Re: [PEN-TEST] Firewalking Enno Rey (Mar 06)
  - Re: [PEN-TEST] Firewalking Alberto Román (Mar 07)
- Re: [PEN-TEST] Firewalking honoriak (Mar 06)
- Re: [PEN-TEST] Firewalking Ivan Buetler (Mar 07)
- Re: [PEN-TEST] Firewalking Jan Muenther (Mar 07)
  - [PEN-TEST] RES: [PEN-TEST] Firewalking Cristiano Lincoln Mattos (Mar 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Firewalking Woch, Wojciech (Mar 08)