For Checkpoint, use nmap and do a TCP and OS detection scan. If they are
doing one-to-many NAT the machines will be detected as "behind a Checkpoint
Firewall-1 4.1 SP2 Server" or whatever. The firewall itself is likely to
have some combination of TCP ports 256-259, 264-265 open for management,
auth, key exchange, etc.
>-----Original Message-----
>From: priya subramanian [mailto:pentesting_at_YAHOO.CO.IN]
>Sent: Monday, May 07, 2001 5:11 AM
>To: PEN-TEST_at_SECURITYFOCUS.COM
>Subject: [PEN-TEST] Detecting the presence of a firewall
>
>
>Pl clarify the following
>
>1. Are there any means of detecting the presence of a
>checkpoint firewall at a company's premises, from a
>remote location.
>
>2.Knowing one interface of the firewall machine, is it
>possible for me to find the ip addresses of the other
>interfaces.
>
>Kindly reply at the earliest.
>
>Priya
>
>Free, encrypted, secure Web-based email at www.hushmail.com
>
Free, encrypted, secure Web-based email at www.hushmail.com
IMPORTANT NOTICE: If you are not using HushMail, this message could have been read easily by the many people who have access to your open personal email messages.
Get your FREE, totally secure email address at http://www.hushmail.com.
Received on May 14 2001
Intro
