Penetration Testing mailing list archives
Re: Vulnerability scanning across Firewall
From: Volker Tanger <vtlists () wyae de>
Date: Mon, 5 Jun 2006 20:23:21 +0200
On 5 Jun 2006 15:24:51 -0000 tarunthenut () gmail com wrote:
I wanted to know if there is any concern scanning for vulnerabilities across firewalls. We are scanning our critical servers segment from the user LAN segment. The two segments are separated by a stateful firewall.
If the FW team does not know of the scan it can have quite some impact if it is good and fast on its feet - my personal speed record: a bit less than 10 minutes after start of scan the room's network connection was down and security was coming through the door.

That aside, you usually cannot scan for vulnerabilities that might be hidden behind filtered ports. Well, some packet filters might not check for interface spoofing, so you might try to idle-scan from other network(segment)s or hosts you suspect being allowed to.

Then define "stateful firewall" - that could be anything from a simple stateful packet filter (plain iptables) to fully-fledged dual-homed application-level filtering-proxies. These might filter out critical test packets, or even block you after finding that your IP means trouble (e.g. by overstepping a threshold of maximum errors per time).

You (and the client) should be aware that you are only testing that attack vector - the servers might still be vulnerable from another network segment.

So automated scans often have a problem properly handling/assessing firewalled systems, so you'll probably have to run a number of manual tests and re-program your scanners accordingly.

Good luck!

Volker

--
Volker Tanger http://www.wyae.de/volker.tanger/
vtlists () wyae de
PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB