Penetration Testing mailing list archives

Re: Fingerprinting PIX with nmap


From: "Jamie Riden" <jamie.riden () gmail com>
Date: Wed, 30 Apr 2008 07:59:15 +0100

On 29/04/2008, O.Kamal <okamalo () gmail com> wrote:
> I got the following result while using nmap, the scan of port 25 gives
> the firewall brand, what should be the recommendation to disable that
> PIX fingerprinting?
>
> PORT   STATE   SERVICE  VERSION
> 25/tcp   open      smtp         Cisco PIX sanatized smtpd
>
> I guess disabling the mail guard "fixup smtp" on the pix is not a good idea.

We didn't use to use mailguard but let mail go straight from our MXs
to our internal mail server. You might not need mailguard if you're
confident in your mail server.

Having said that, it won't be a huge surprise to anyone if you're
using a PIX so I don't particularly think it's worth *trying* to hide
it. (I suspect you can fingerprint PIXs in other ways, but don't have
one handy to play with right now.)

cheers,
 Jamie
-- 
Jamie Riden / jamesr () europe com / jamie () honeynet org uk
UK Honeynet Project: http://www.ukhoneynet.org/
