RE: [PEN-TEST] Detecting the presence of a firewall

[MadHat <madhat () unspecific com>]

At 11:41 AM 5/14/2001 -0400, Ansar Mohammed wrote:
> Yes there is a way.
>
> A while ago blackhat released an exploit for checkpoint fw-1.
>
> A side effect of the exploit, regardless of wether it works or not is
> that it displays all ip interfaces of the firewall. However, the
> firewall rules must allow you to access the management ports.
>
>
> The exploit runs on Linux or OpenBSD. You can find it at
> www.blackhat.com

BlackHat.com is for the BlackHat Briefings put on by DT, I mean Jeff Moss.

anyway the talk can be found here (powerPoint, SureStream audio and Video)
http://www.blackhat.com/html/bh-usa-00/bh-usa-00-speakers.html#John McDonald
(sorry for the bad URL, they have a space in it)
But BlackHat did not release an exploit.

Details by the team that presented it can be found at
http://www.dataprotect.com/bh2000/
along with powerpoint slides and the source for their exploit.




> > -----Original Message-----
> > From: Penetration Testers [mailto:PEN-TEST () SECURITYFOCUS COM]
> > On Behalf Of priya subramanian
> > Sent: Monday, May 07, 2001 5:11 AM
> > To: PEN-TEST () SECURITYFOCUS COM
> > Subject: [PEN-TEST] Detecting the presence of a firewall
> >
> >
> > Pl clarify the following
> >
> > 1. Are there any means of detecting the presence of a
> > checkpoint firewall at a company's premises,  from a remote location.
> >
> > 2.Knowing one interface of the firewall machine, is it
> > possible for me to find the ip addresses of the other interfaces.
> >
> > Kindly reply at the earliest.
> >
> > Priya
> >
> >
> >
> >
> >
> >
> > ____________________________________________________________
> > Do You Yahoo!?
> > For regular News updates go to http://in.news.yahoo.com
> >

--
MadHat at unspecific.com