Bugtraq mailing list archives

Firewall-1 Identification : port 257 (ie archive : 18701)
From: "Sacha Faust" <sacha () severus org>
Date: Tue, 2 Apr 2002 12:55:56 -0500

It's been known for a while that if you find a host with open TCP ports
256, 257 and 258, you can be pretty sure it's a Firewall-1 box (please refer
to: http://online.securityfocus.com/archive/1/18701).

I did some additional poking at the system and found out that if you connect
to port 257 and you hit a few keys, the server will return fwa1 string.
Here is the sequence that works for me:
1. hit enter
2. hit a few keys (2-3 is enough)
3. hit enter

the server will return the fwa1 string.

Example (my input was enter+test+enter):
[sacha () hole sacha]$ nc 1.1.1.1 257
        30000005
test
fwa1

[sacha () hole sacha]$

If you hit other sequences, you get data but no fwa1 string. I haven't seen this
feature mentioned. If this is already known, please ignore this post. This
was discovered on a client system so I don't have all the details of the
firewall config for now. All I know is it's a FW1 box. On what, I have no
idea.

---------
Sacha Faust
sacha () severus org
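The exchange above, as an added example that is not part of Sacha's post: a small Python check an administrator can point at a firewall they own to confirm whether TCP 257 answers the enter / keys / enter sequence with the fwa1 marker, together with a constructed in-process stand-in (MockFw1Service) that mimics only the behaviour described in the post so the check can be exercised offline. The function name, the mock, and the exact bytes the mock emits are assumptions, not observed Firewall-1 behaviour beyond what the nc session shows.

```python
import socket
import threading

FWA1_MARKER = b"fwa1"  # the string the post reports after the second enter

def probe_port257(host, port=257, timeout=3.0):
    """Replay the post's sequence (enter, a few keys, enter) against host:port.
    Returns (marker_seen, raw_bytes) so the caller can also inspect what came back."""
    chunks = []
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.settimeout(timeout)
        for payload in (b"\n", b"test\n"):      # 1. enter  2./3. keys + enter
            s.sendall(payload)
            try:
                data = s.recv(4096)
            except socket.timeout:              # some services answer nothing
                data = b""
            if data:
                chunks.append(data)
    raw = b"".join(chunks)
    return FWA1_MARKER in raw, raw

class MockFw1Service(threading.Thread):
    """Constructed stand-in for testing only: replies with a number after the
    first newline and (optionally) with fwa1 after the second, as in the post."""
    def __init__(self, respond_fwa1=True):
        super().__init__(daemon=True)
        self.respond_fwa1 = respond_fwa1
        self.sock = socket.socket()
        self.sock.bind(("127.0.0.1", 0))     # ephemeral port, loopback only
        self.sock.listen(1)
        self.port = self.sock.getsockname()[1]

    def run(self):
        conn, _ = self.sock.accept()
        with conn:
            f = conn.makefile("rb")
            f.readline()                        # client's first enter
            conn.sendall(b"30000005\n")         # value seen in the nc session
            f.readline()                        # client's keys + enter
            conn.sendall(b"fwa1\n" if self.respond_fwa1 else b"\n")
        self.sock.close()

if __name__ == "__main__":
    srv = MockFw1Service()
    srv.start()
    seen, raw = probe_port257("127.0.0.1", srv.port)
    print("fwa1 marker seen:", seen, "raw:", raw)
```

Against a real host, pass the firewall's address and leave port at 257; a True result means the management port is reachable from where the check ran and discloses the marker.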

