Ofir Arkin presented a great paper that he wrote about
fingerprinting windows hosts using ICMP at BlackHat W2K this
year... it should be avalaible on the BlackHat site, or at
http://www.sys-security.com/.
Cristiano Lincoln Mattos, SSCP
CESAR - Centro de Estudos e Sistemas Avancados do Recife
> -----Mensagem original-----
> De: Penetration Testers [mailto:PEN-TEST_at_SECURITYFOCUS.COM]Em nome de
> Jan Muenther
> Enviada em: quarta-feira, 7 de marco de 2001 07:37
> Para: PEN-TEST_at_SECURITYFOCUS.COM
> Assunto: Re: [PEN-TEST] Firewalking
>
>
> Hi,
>
> > What would be the best way to determine what kind of firewall
> is running on
> > a server? Especially one that does not give out any banners.
> > TCP-fingerprinting is not possible because there are no obvious
> open ports.
>
> depends, I'd say. If they pass in (and let out) some ICMP types /
> codes, you might be able to fingerprint them on that. I think it
> was either Dragos Riu or Clayton Fiske, but one of them wrote an
> excellent paper about ICMP fingerprinting.
>
> Cheers, Jan
> --
> Radio HUNDERT,6 Medien GmbH Berlin
> - EDV -
> j.muenther_at_radio.hundert6.de
>
Received on Mar 07 2001
Intro
