Penetration Testing mailing list archives
Re: SGS 5400 firewalls
From: "Bernardo Wernesback" <bernardosw () gmail com>
Date: Mon, 13 Mar 2006 17:18:21 -0300
Hi Paul, I am not so sure about that restriction on external access to port 2456. I believe it comes open to any of the interfaces (could be wrong on that). ;) Also, if the box is running SGS 3.0, SSH server used is the open standard - you can connect to it by using any SSH client. (comes disabled by default). Nice day to all! On 3/13/06, Paul Melson <pmelson () gmail com> wrote:
-----Original Message----- Subject: RE: SGS 5400 firewallsYou might want to start by looking for TCP port 2456. This is the SSL webbased managementport. Admin is a good username to start with. Also look for TCP port 22(i.e. OpenSSH).Be advised, if the admins are smart, they have added filters to protectthese ports externalconnections. The logging is also very good so whatever you try, theyshould notice it. By default, SGMI (port 2456) is only accessible via the interface that is designated as the 'Inside' interface as configured via the front panel LED. Additionally, instead of a traditional SSH connection, these firewalls use a proprietary service the vendor calls Secure Remote Login that listens on TCP/423 (not TCP/22). This service relies on both a shared secret for the SRL service as well as valid firewall admin credentials (so 1 user/pass pair, plus a shared secret). It requires a custom client that Symantec provides (a modified TeraTerm Pro) called srlclient8. This service is also only accessible via the 'Inside' interface by default. So if this is an external pen test of the firewall, and you can connect to 2456 (should get SSL challenge for cert signed by internal CA) or TCP/423, these are findings in and of themselves, regardless of whether or not you can actually authenticate and use these services to gain access to the device. PaulM ------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
------------------------------------------------------------------------------ This List Sponsored by: Cenzic Concerned about Web Application Security? As attacks through web applications continue to rise, you need to proactively protect your applications from hackers. Cenzic has the most comprehensive solutions to meet your application security penetration testing and vulnerability management needs. You have an option to go with a managed service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can help you: http://www.cenzic.com/news_events/wpappsec.php And, now for a limited time we can do a FREE audit for you to confirm your results from other product. Contact us at request () cenzic com ------------------------------------------------------------------------------
Current thread:
- SGS 5400 firewalls e . lewis (Mar 02)
- Re: SGS 5400 firewalls Volker Tanger (Mar 03)
- RE: SGS 5400 firewalls Paul Melson (Mar 03)
- RE: SGS 5400 firewalls Darren Webb (Mar 12)
- RE: SGS 5400 firewalls Paul Melson (Mar 13)
- Re: SGS 5400 firewalls Bernardo Wernesback (Mar 13)
- RE: SGS 5400 firewalls Paul Melson (Mar 14)
- RE: SGS 5400 firewalls Paul Melson (Mar 13)