RE: Firewalking query

["Hazel, Scott A." <Scott.Hazel () unisys com>]

Hello Bshan. 

When you talk about the 2 systems below, do you mean a single server or
a network?  Since there is a firewall in front of the first system that
implies a network but some clarification would help here.  Also, you
mention the second system is blocking ping but port 80 is open. For the
PT what is your objective? Is it to see what services are available on
each system and how they might be exploited or are you only testing
against port 80 on each system? 

Scott H.  

-----Original Message-----
From: BSK [mailto:bishan4u () yahoo co uk] 
Sent: Tuesday, October 18, 2005 10:36 AM
To: pen-test () securityfocus com
Subject: Firewalking query

Hi,

I'm doing a PT for 2 systems. Both the systems have port 80 open. I'm
able to ping one of them while the second one is blocking the ping. To
get the exact nature and topology I did a firewalking with firewalk.
The first device was reachable with source port set as 80 while the
second is not reachable. The first server is behind a firewall in a DMZ
that is what I could make out from results but am not able to make any
progress on the second one.

Any clues whats going wrong or what do I need to do?

thnks Bshan 


                
___________________________________________________________
How much free photo storage do you get? Store your holiday snaps for
FREE with Yahoo! Photos http://uk.photos.yahoo.com

------------------------------------------------------------------------
------
Audit your website security with Acunetix Web Vulnerability Scanner: 

Hackers are concentrating their efforts on attacking applications on
your website. Up to 75% of cyber attacks are launched on shopping carts,
forms, login pages, dynamic content etc. Firewalls, SSL and locked-down
servers are futile against web application hacking. Check your website
for vulnerabilities to SQL injection, Cross site scripting and other web
attacks before hackers do! 
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
------------------------------------------------------------------------
-------


------------------------------------------------------------------------------
Audit your website security with Acunetix Web Vulnerability Scanner:

Hackers are concentrating their efforts on attacking applications on your
website. Up to 75% of cyber attacks are launched on shopping carts, forms,
login pages, dynamic content etc. Firewalls, SSL and locked-down servers are
futile against web application hacking. Check your website for vulnerabilities
to SQL injection, Cross site scripting and other web attacks before hackers do!
Download Trial at:

http://www.securityfocus.com/sponsor/pen-test_050831
-------------------------------------------------------------------------------