Penetration Testing mailing list archives
RE: Pentesting Old unsupported Firewall Appliances
From: "Clemens, Dan" <Dan.Clemens () healthsouth com>
Date: Fri, 15 Jun 2007 13:22:57 -0500
On 11/06/07, Harold Castro <b0ydaem0n () yahoo com> wrote:
Hi,
...
Since I'm doing an external black box pentest, I have to rely on some tools for OS fingerprinting. Nmap guesses it to be either Nokia IPSO 4.0 or 4.1Build19. Now I tried googling for that particular appliance (IP650) and I found out that the appliance is too old as its existence
dates back as early as 1999. I'm having a hard time trying to find anything that can be useful for this
IP650 is the hardware model. The IP650 model is fairly old, but you can still run newer versions of IPSO (operating system) on it. IPSO 4.1Buildxxx would be the operating system version and Checkpoint is the application running on the operation system. IPSO is a bsd based os and IPSO Build019 was released on 09/21/2006. The most recent IPSO build/rev is IPSO 4.2 Build 041 which was released on 05/24/2007. I don't recall there being any real security issues with IPSO since this release but I could be wrong. Most IPSO updates & enhancements don't focus around security bug fixes but functionality bug fixes. Assuming your results are correct it may be more accurate that the firewall device is doing port forwarding to another system for the other results that had been mentioned. If I was doing this assessment I wouldn't worry that much about the IPSO rev level, but what services are open on this box remotely from the internet and vulnerabilities in other hosts (and or problems in the checkpoint rev running on the ipso). Hope this information helps. Daniel Clemens ----------------------------------------- Confidentiality Notice: This e-mail communication and any attachments may contain confidential and privileged information for the use of the designated recipients named above. If you are not the intended recipient, you are hereby notified that you have received this communication in error and that any review, disclosure, dissemination, distribution or copying of it or its contents is prohibited. If you have received this communication in error, please notify me immediately by replying to this message and deleting it from your computer. Thank you. ------------------------------------------------------------------------ This List Sponsored by: Cenzic Are you using SPI, Watchfire or WhiteHat? Consider getting clear vision with Cenzic See HOW Now with our 20/20 program! http://www.cenzic.com/c/2020 ------------------------------------------------------------------------
Current thread:
- Pentesting Old unsupported Firewall Appliances Harold Castro (Jun 11)
- Re: Pentesting Old unsupported Firewall Appliances Jamie Riden (Jun 15)
- RE: Pentesting Old unsupported Firewall Appliances Clemens, Dan (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Tiago Batista (Jun 15)
- Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances mOses (Jun 15)
- Re: Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances Michael Painter (Jun 21)
- Firewall Leak Testing Was Re: Pentesting Old unsupported Firewall Appliances mOses (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Security Guy (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances vtlists (Jun 15)
- <Possible follow-ups>
- RE: Pentesting Old unsupported Firewall Appliances Michael Scheidell (Jun 15)
- Re: Pentesting Old unsupported Firewall Appliances Jamie Riden (Jun 15)