Penetration Testing mailing list archives
Re: Firewall Type Fingerprinting
From: Volker Tanger <vtlists () wyae de>
Date: Sat, 21 Nov 2009 00:32:08 +0100
Am Thu, 19 Nov 2009 16:09:02 +0700 schrieb Zaki Akhmad <zakiakhmad () gmail com>:
Can we do firewall type fingerprinting? With what tools? I want to know the type of the firewall in front of the web server.
Sometimes - if so, a simple portscan can tell things. Sometimes service gateways / proxies are a giveaway - There are typical ports for some firewalls (services like http-auth, VPN-ports) - Some FWs tell their name when using a Layer7 protocol filter. - Some have a very distinct appearance in a portscan (esp. Raptor / Symantec Enterprise). - Some have specific modifications to the IKE protocol (use IKEscan). - Some can be identified by NMAP / Hping2 OS scan. Usually: the "tighter" a FW is configured the harder it is to find out its brand, too... I don't know any special tools - usually NMAP is sufficient for most of the tests above. Plus a bit of experience to interpret the results unless they are blantantly obvious from service names... Bye Volker -- Volker Tanger http://www.wyae.de/volker.tanger/ -------------------------------------------------- vtlists () wyae de PGP Fingerprint 378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB ------------------------------------------------------------------------ This list is sponsored by: Information Assurance Certification Review Board Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT and CEPT certs require a full practical examination in order to become certified. http://www.iacertification.org ------------------------------------------------------------------------
Current thread:
- Firewall Type Fingerprinting Zaki Akhmad (Nov 19)
- Re: Firewall Type Fingerprinting Alex Fiuvertiz (Nov 23)
- Re: Firewall Type Fingerprinting Zaki Akhmad (Nov 23)
- Re: Firewall Type Fingerprinting Volker Tanger (Nov 23)
- Re: Firewall Type Fingerprinting Edin Dizdarevic (Nov 23)
- Re: Firewall Type Fingerprinting Chris Brenton (Nov 23)
- Re: Firewall Type Fingerprinting Alex Fiuvertiz (Nov 23)