Penetration Testing mailing list archives
Re: DENY x REJECT
From: niceshorts () yahoo com
Date: Wed, 10 Oct 2001 04:54:34 -0500
Ofir Arkin wrote:
Imagine there is no spoon.
There is no spoon. It is your mind that bends. :)
What you can do is to test for firewall presence. This is a very simple test that will give you the ability to understand what you are facing.
...
One nice added value for the auditor will be the ability to identify the operating system the FW software will be installed on, given the fact the firewall TCP/IP stack generates these lovely RSTs. Another thing that the auditor might gain is the understanding that he is dealing with several systems and not only with the one he is querying - looking at the traces will result in identifying at least two systems which communicate with his machine although he is targeting one.
Yes. This is an issue all operators or auditors need to consider: On the one hand, we wish to limit reconnaissance activity. Let us not leak information like so many U.S. Congressmen. On the other hand, the security of a firewall ought not be dependent on the obscurity of its TCP/IP stack. I find no simple answer fits every scenario.
I do urge, however, if one is attempting to "stealthen" a firewall, one will have to remember that TTL decrementation still takes place. The FreeBSD kernel IPFW implementation *used*[0] to have the option to not subtract from TTL. If one doesn't mind playing havoc with traceroute, this, too, may be an option.
-anthony kim
[0] I have not been following IPFW in 4.4 or 5.0-CURRENT so can't speak definitively.
--
HTTP request sent, awaiting response... 404 Object Not Found
ERROR 404: Object Not Found.
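The TTL point in the message above, as an added example that is not part of the original post: an audit check that groups replies claiming one source address by inferred initial TTL and hop distance, so an operator can see whether the firewall's own RSTs stand apart from the protected host's replies. The function names, the list of common initial TTLs and the sample replies (documentation address 192.0.2.10) are assumptions constructed for illustration.

```python
from collections import defaultdict

# Assumption: responders start from one of these commonly used initial TTLs.
COMMON_INITIAL_TTLS = (32, 64, 128, 255)


def infer_origin(observed_ttl):
    """Return (assumed initial TTL, hops travelled) for a received packet's TTL."""
    if not 1 <= observed_ttl <= 255:
        raise ValueError("TTL must be in 1..255")
    initial = min(t for t in COMMON_INITIAL_TTLS if t >= observed_ttl)
    return initial, initial - observed_ttl


def distinct_responders(replies):
    """Group replies by (source IP, inferred initial TTL, inferred hops)."""
    groups = defaultdict(list)
    for src, port, kind, ttl in replies:
        groups[(src, *infer_origin(ttl))].append((port, kind))
    return dict(groups)


def leaking_sources(replies):
    """Return source IPs whose replies show more than one TTL signature.

    More than one signature behind a single address suggests that a second
    stack (for example a rejecting firewall) answers on the host's behalf.
    """
    by_src = defaultdict(list)
    for (src, initial, hops), ports in distinct_responders(replies).items():
        by_src[src].append((initial, hops, ports))
    return {src: sigs for src, sigs in by_src.items() if len(sigs) > 1}


# Constructed sample: (source IP, probed port, reply type, TTL seen on arrival).
SAMPLE = [
    ("192.0.2.10", 80, "SYN/ACK", 52),   # host behind the firewall
    ("192.0.2.10", 443, "SYN/ACK", 52),
    ("192.0.2.10", 23, "RST", 245),      # reject generated by the firewall
    ("192.0.2.10", 135, "RST", 245),
]

if __name__ == "__main__":
    for src, sigs in leaking_sources(SAMPLE).items():
        for initial, hops, ports in sorted(sigs):
            print(f"{src}: initial TTL {initial}, {hops} hops, replies {ports}")
```

A firewall that does not decrement TTL, as the message mentions for older IPFW, would remove the hop-count difference but not a difference in initial TTL.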