Penetration Testing mailing list archives
RE: Firewalking query
From: "Hazel, Scott A." <Scott.Hazel () unisys com>
Date: Wed, 19 Oct 2005 05:06:53 -0400
Hello Bshan. When you talk about the 2 systems below, do you mean a single server or a network? Since there is a firewall in front of the first system that implies a network but some clarification would help here. Also, you mention the second system is blocking ping but port 80 is open. For the PT what is your objective? Is it to see what services are available on each system and how they might be exploited or are you only testing against port 80 on each system? Scott H. -----Original Message----- From: BSK [mailto:bishan4u () yahoo co uk] Sent: Tuesday, October 18, 2005 10:36 AM To: pen-test () securityfocus com Subject: Firewalking query Hi, I'm doing a PT for 2 systems. Both the systems have port 80 open. I'm able to ping one of them while the second one is blocking the ping. To get the exact nature and topology I did a firewalking with firewalk. The first device was reachable with source port set as 80 while the second is not reachable. The first server is behind a firewall in a DMZ that is what I could make out from results but am not able to make any progress on the second one. Any clues whats going wrong or what do I need to do? thnks Bshan ___________________________________________________________ How much free photo storage do you get? Store your holiday snaps for FREE with Yahoo! Photos http://uk.photos.yahoo.com ------------------------------------------------------------------------ ------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 ------------------------------------------------------------------------ ------- ------------------------------------------------------------------------------ Audit your website security with Acunetix Web Vulnerability Scanner: Hackers are concentrating their efforts on attacking applications on your website. Up to 75% of cyber attacks are launched on shopping carts, forms, login pages, dynamic content etc. Firewalls, SSL and locked-down servers are futile against web application hacking. Check your website for vulnerabilities to SQL injection, Cross site scripting and other web attacks before hackers do! Download Trial at: http://www.securityfocus.com/sponsor/pen-test_050831 -------------------------------------------------------------------------------
Current thread:
- Firewalking query BSK (Oct 18)
- <Possible follow-ups>
- RE: Firewalking query BSK (Oct 19)
- RE: Firewalking query Hazel, Scott A. (Oct 19)
- RE: Firewalking query BSK (Oct 20)