Penetration Testing mailing list archives

RE: SGS 5400 firewalls

From: "Paul Melson" <pmelson () gmail com>
Date: Mon, 13 Mar 2006 09:56:35 -0500

-----Original Message-----
Subject: RE: SGS 5400 firewalls

You might want to start by looking for TCP port 2456.  This is the SSL web

based management

port.  Admin is a good username to start with.  Also look for TCP port 22

(i.e. OpenSSH).


Be advised, if the admins are smart, they have added filters to protect

these ports external

connections.  The logging is also very good so whatever you try, they

should notice it.

By default, SGMI (port 2456) is only accessible via the interface that is
designated as the 'Inside' interface as configured via the front panel LED.
Additionally, instead of a traditional SSH connection, these firewalls use a
proprietary service the vendor calls Secure Remote Login that listens on
TCP/423 (not TCP/22).  This service relies on both a shared secret for the
SRL service as well as valid firewall admin credentials (so 1 user/pass
pair, plus a shared secret).  It requires a custom client that Symantec
provides (a modified TeraTerm Pro) called srlclient8.  This service is also
only accessible via the 'Inside' interface by default.

So if this is an external pen test of the firewall, and you can connect to
2456 (should get SSL challenge for cert signed by internal CA) or TCP/423,
these are findings in and of themselves, regardless of whether or not you
can actually authenticate and use these services to gain access to the
device.

PaulM




------------------------------------------------------------------------------
This List Sponsored by: Cenzic

Concerned about Web Application Security? 
As attacks through web applications continue to rise, you need to proactively 
protect your applications from hackers. Cenzic has the most comprehensive 
solutions to meet your application security penetration testing and 
vulnerability management needs. You have an option to go with a managed 
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm). 
Download FREE whitepaper on how a managed service can help you: 
http://www.cenzic.com/news_events/wpappsec.php 
And, now for a limited time we can do a FREE audit for you to confirm your 
results from other product. Contact us at request () cenzic com
------------------------------------------------------------------------------

Current thread:

SGS 5400 firewalls e . lewis (Mar 02)
- Re: SGS 5400 firewalls Volker Tanger (Mar 03)
- RE: SGS 5400 firewalls Paul Melson (Mar 03)
- RE: SGS 5400 firewalls Darren Webb (Mar 12)
  - RE: SGS 5400 firewalls Paul Melson (Mar 13)
    - Re: SGS 5400 firewalls Bernardo Wernesback (Mar 13)
    - RE: SGS 5400 firewalls Paul Melson (Mar 14)