Penetration Testing mailing list archives

Re: Firewall Type Fingerprinting


From: Volker Tanger <vtlists () wyae de>
Date: Sat, 21 Nov 2009 00:32:08 +0100

On Thu, 19 Nov 2009 16:09:02 +0700,
Zaki Akhmad <zakiakhmad () gmail com> wrote:

Can we do firewall type fingerprinting? With what tools? I want to
know the type of the firewall in front of the web server.

Sometimes - if so, a simple portscan can tell things. Sometimes service
gateways / proxies are a giveaway

- There are typical ports for some firewalls 
  (services like http-auth, VPN-ports)

- Some FWs tell their name when using a Layer7 protocol filter.

- Some have a very distinct appearance in a portscan 
  (esp. Raptor / Symantec Enterprise).

- Some have specific modifications to the IKE protocol (use IKEscan).

- Some can be identified by NMAP / Hping2 OS scan.

Usually: the "tighter" a FW is configured the harder it is to find out
its brand, too...

I don't know any special tools - usually NMAP is sufficient for most of
the tests above. Plus a bit of experience to interpret the results
unless they are blatantly obvious from service names...

Bye

Volker


-- 

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
