Penetration Testing mailing list archives
RE: [PEN-TEST] Detecting the presence of a firewall
From: "Geoghegan, Glyn (ISS London)" <glyng () iss net>
Date: Mon, 14 May 2001 16:53:00 -0400
nmap scans of poorly configured FW-1 boxes may also show UDP/53 and TCP/53 as 'closed' on the firewall and protected hosts, due to DNS lookups being permitted in the 'Policy Properties' dialogues. Whilst this is a relatively old mis-configuration (dates to early 4.0 deployments), it's still fairly common, and provides opportunities for an attacker to probe hosts behind the firewall, or to abuse those hosts through trojans or tunnelling. http://www.phoneboy.com/faq/0131.html G -- ~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~ ~~~~ ~~~ ~~ ~ G l y n G e o g h e g a n Consultant http://www.iss.net E:glyng () iss net T:+44 (0)20 7626 7070 F:+44 (0)20 7626 1114 Floor 6, Walbrook House, 23 Walbrook, London, EC4N 8BT, UK Internet Security Systems -- The Power to Protect! UK Sales & Information Hotline -- +44 (0)800 085 2976 See ISS at Internet World -- www.internetworld.co.uk -----Original Message----- From: railwayclubposse () hushmail com [mailto:railwayclubposse () hushmail com] Sent: 14 May 2001 17:44 To: PEN-TEST () securityfocus com Subject: RE: [PEN-TEST] Detecting the presence of a firewall For Checkpoint, use nmap and do a TCP and OS detection scan. If they are doing one-to-many NAT the machines will be detected as "behind a Checkpoint Firewall-1 4.1 SP2 Server" or whatever. The firewall itself is likely to have some combination of TCP ports 256-259, 264-265 open for management, auth, key exchange, etc.
-----Original Message----- From: priya subramanian [mailto:pentesting () YAHOO CO IN] Sent: Monday, May 07, 2001 5:11 AM To: PEN-TEST () SECURITYFOCUS COM Subject: [PEN-TEST] Detecting the presence of a firewall Pl clarify the following 1. Are there any means of detecting the presence of a checkpoint firewall at a company's premises, from a remote location. 2.Knowing one interface of the firewall machine, is it possible for me to find the ip addresses of the other interfaces. Kindly reply at the earliest. Priya Free, encrypted, secure Web-based email at www.hushmail.com
Free, encrypted, secure Web-based email at www.hushmail.com
Current thread:
- [PEN-TEST] Detecting the presence of a firewall priya subramanian (May 11)
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall MadHat (May 14)
- <Possible follow-ups>
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 14)
- Re: [PEN-TEST] Detecting the presence of a firewall Mule, Andrew (May 14)
- Re: [PEN-TEST] Detecting the presence of a firewall PinGer (May 16)
- RE: [PEN-TEST] Detecting the presence of a firewall Geoghegan, Glyn (ISS London) (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall Frank Knobbe (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2 Lance Spitzner (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall Balunos, Don (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall Frank Knobbe (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 16)
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)