


Penetration Testing: Re: [PEN-TEST] Firewalking

Re: [PEN-TEST] Firewalking

From: Enno Rey <erey_at_IX.URZ.UNI-HEIDELBERG.DE>
Date: Tue, 6 Mar 2001 22:31:37 +0100

Hi,

can you reach systems protected by the fw, e.g. servers in a DMZ?
Try to traceroute those systems (from a windows system, as UDP packets used
by Unix traceroute probably will be blocked) or firewalk them
(www.packetfactory.net/Projects/Firewalk/). Then you'll get packets
generated from the fw itself which you can analyze. Have a look at the
params of those packets, e.g. the ttl [unix: 255-(number of hops) vs.
windows: (128-nr. hops)] and others (to be found in the paper on ICMP usage for
scanning: www.sys-security.com/html/papers.html).

You could also try different DoS which affect different OSs (jolt2,
bubonic.c etc.), though some work only on local subnets and furthermore this
may be outside the scope of your test ;-))

Regards,

Enno Rey

erey_at_security-academy.de --- www.security-academy.de
PGP 74C0 C7E1 3875 E4EB 9B75 8B9D 5E2D 3178 685B F222
Received on Mar 06 2001
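
The TTL comparison described in the message above, as an added example that is not part of the original post: it reads `tcpdump -v`-style summaries of ICMP time-exceeded replies and applies the 255-versus-128 rule to the TTL of each reply. The sample lines are constructed, and the function names and the 30-hop plausibility cutoff are assumptions of this sketch.

```python
import re

# Constructed sample: `tcpdump -v`-style summaries of ICMP time-exceeded
# replies, using documentation addresses (not captured traffic).
SAMPLE = """\
IP (tos 0xc0, ttl 250, id 4411, offset 0, flags [none], proto ICMP (1), length 56)
    192.0.2.1 > 198.51.100.7: ICMP time exceeded in-transit, length 36
IP (tos 0x0, ttl 123, id 901, offset 0, flags [none], proto ICMP (1), length 56)
    192.0.2.9 > 198.51.100.7: ICMP time exceeded in-transit, length 36
"""

# Initial TTLs named in the message above: 255 (Unix) and 128 (Windows).
# Other initial values exist; anything else is reported as "unknown" here.
INITIAL_TTLS = {255: "unix-like", 128: "windows"}

HEADER = re.compile(r"ttl (\d+),.*proto ICMP")
REPLY = re.compile(r"^\s+(\S+) > \S+: ICMP time exceeded")


def parse_replies(text):
    """Yield (source_ip, observed_ttl) for each time-exceeded reply."""
    ttl = None
    for line in text.splitlines():
        m = HEADER.search(line)
        if m:
            ttl = int(m.group(1))  # TTL from the IP header summary line
            continue
        m = REPLY.match(line)
        if m and ttl is not None:
            yield m.group(1), ttl
        ttl = None  # a header only pairs with the line directly after it


def classify(observed_ttl, max_hops=30):
    """Return (family, hops) per the message's rule, or ("unknown", None).

    hops counts the return path; max_hops is an assumed plausibility limit.
    """
    for initial in sorted(INITIAL_TTLS):
        hops = initial - observed_ttl
        if 0 <= hops <= max_hops:
            return INITIAL_TTLS[initial], hops
    return "unknown", None


def report(text):
    """List (source_ip, observed_ttl, family, hops) for every reply."""
    return [(src, ttl) + classify(ttl) for src, ttl in parse_replies(text)]


if __name__ == "__main__":
    for row in report(SAMPLE):
        print(row)
```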
