Penetration Testing mailing list archives
RE: Fingerprinting PIX with nmap
From: "Paul Melson" <pmelson () gmail com>
Date: Wed, 30 Apr 2008 13:20:58 -0400
I got the following result while using nmap, the scan of port 25 gives the
firewall brand, what should be the
recommendation to disable that PIX fingerprinting?
Why would you recommend that they do anything about the fact that a port scanner can identify the version of firewall that they're running? I mean, aside from the obvious answer that you have no higher severity findings to report.
I guess disabling the mail guard "fixup smtp" on the pix is not a good
idea. Not for the sole purpose of avoiding detection by NMap. Know why? Because the next time you run that scan, NMap will identify the mail server sitting behind it instead of the PIX proxy. And as recon goes, identifying OS/app/version of an internal server is more valuable than identifying the brand (but not specific version) of the border firewall. PaulM ------------------------------------------------------------------------ This list is sponsored by: Cenzic Need to secure your web apps NOW? Cenzic finds more, "real" vulnerabilities fast. Click to try it, buy it or download a solution FREE today! http://www.cenzic.com/downloads ------------------------------------------------------------------------
Current thread:
- Fingerprinting PIX with nmap O.Kamal (Apr 29)
- RE: Fingerprinting PIX with nmap Paul Melson (Apr 30)
- Re: Fingerprinting PIX with nmap Jamie Riden (Apr 30)