Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: [PEN-TEST] Detecting the presence of a firewall

RE: [PEN-TEST] Detecting the presence of a firewall

From: Geoghegan, Glyn (ISS London) <glyng_at_iss.net>
Date: Mon, 14 May 2001 16:53:00 -0400

nmap scans of poorly configured FW-1 boxes may also show UDP/53 and TCP/53
as 'closed' on the firewall and protected hosts, due to DNS lookups being
permitted in the 'Policy Properties' dialogues.

Whilst this is a relatively old mis-configuration (dates to early 4.0
deployments), it's still fairly common, and provides opportunities for an
attacker to probe hosts behind the firewall, or to abuse those hosts through
trojans or tunnelling.

http://www.phoneboy.com/faq/0131.html

G 

--
~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~ ~~~~~~~ ~~~~ ~~~ ~~ ~
G l y n   G e o g h e g a n                     Consultant
http://www.iss.net                         E:glyng@iss.net
T:+44 (0)20 7626 7070                F:+44 (0)20 7626 1114
Floor 6, Walbrook House, 23 Walbrook, London, EC4N 8BT, UK
Internet Security Systems        --  The Power to Protect!
UK Sales & Information Hotline   --    +44 (0)800 085 2976
See ISS at Internet World    --    www.internetworld.co.uk
-----Original Message-----
From: railwayclubposse_at_hushmail.com
[mailto:railwayclubposse_at_hushmail.com]
Sent: 14 May 2001 17:44
To: PEN-TEST_at_securityfocus.com
Subject: RE: [PEN-TEST] Detecting the presence of a firewall
For Checkpoint, use nmap and do a TCP and OS detection scan. If they are 
doing one-to-many NAT the machines will be detected as "behind a Checkpoint 
Firewall-1 4.1 SP2 Server" or whatever. The firewall itself is likely to 
have some combination of  TCP ports 256-259, 264-265 open for management,
auth, key exchange, etc. 
>-----Original Message-----
>From: priya subramanian [mailto:pentesting_at_YAHOO.CO.IN]
>Sent: Monday, May 07, 2001 5:11 AM
>To: PEN-TEST_at_SECURITYFOCUS.COM
>Subject: [PEN-TEST] Detecting the presence of a firewall
>
>
>Pl clarify the following
>
>1. Are there any means of detecting the presence of a
>checkpoint firewall at a company's premises,  from a
>remote location.
>
>2.Knowing one interface of the firewall machine, is it
>possible for me to find the ip addresses of the other
>interfaces.
>
>Kindly reply at the earliest.
>
>Priya
>
>Free, encrypted, secure Web-based email at www.hushmail.com
>
Free, encrypted, secure Web-based email at www.hushmail.com
Received on May 14 2001
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos