|
Penetration Testing
mailing list archives
Re: Raptor Firewall
From: "Alex Butcher (pentest)" <pentest () cocoa demon co uk>
Date: Fri, 7 Dec 2001 10:41:41 +0000 (GMT)
On Fri, 7 Dec 2001, Stuart wrote:
We've run a pentest against a customer recently and found that the very act
of port scanning their Raptor firewall (running on NT) crippled its ability
to accept incoming connections for their web site. The firewall is a new
high spec PIII and the least line is a decent size. The nmap scans were
standard timing (not T5 or anything daft) - once the scans were stopped,
things burst back in to life within about 10minutes.
I experienced similar issues when scanning hosts behind a client's
Watchguard firewall. I (together with some help from this list) put it
down to built-in automatic IDS/blackholing of "naughty" hosts. I tried to
get the client to disable the functionality, but either it isn't possible
to disable completely, or...
I've never (knowingly) managed to break a Raptor FW in this way - usually
all I see is the same open port profile for all hosts and looking to the
world like some strange cross between NT and some flavour of UNIX. :)
thanks
Stuart
IT Security Consultant, UK
Best Regards,
Alex.
--
Alex Butcher Brainbench MVP for Internet Security: www.brainbench.com
Berkshire, UK Is *your* company hiring UNIX/Security/Pen. testing folks?
PGP/GnuPG ID:0x271fd950 http://www.cocoa.demon.co.uk/cv/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
 By Date 
By Thread
Current thread:
- Stunnel Problems, (continued)
| 
Intro
