Nmap Security Scanner
*Intro
*Ref Guide
*Install Guide
*Download
*Changelog
*Book
*Docs
Security Lists
*Nmap Hackers
*Nmap Dev
*Bugtraq
*Full Disclosure
*Pen Test
*Basics
*More
Security Tools
*Pass crackers
*Sniffers
*Vuln Scanners
*Web scanners
*Wireless
*Exploitation
*Packet crafters
*More
Site News
Site Search:
Exploit World
Advertising
About/Contact
Credits
Sponsors:
edgeos



Penetration Testing: RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2

RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2

From: Lance Spitzner <lance_at_honeynet.org>
Date: Tue, 15 May 2001 12:35:20 -0500 (CDT)

On Tue, 15 May 2001 railwayclubposse_at_hushmail.com wrote:

> You get the same results if the default Checkpoint ports are closed. You
> still need to find one or two open ports, but they don't have to be on the
> firewall itself. The giveaway is in how the headers are rewritten for one-
> to-many NAT.

Let us not forget layer 2. Another great way to detect a firewall (and you
have access to the local network) is to do a ping sweep of the local network.
Take the list of IPs that responded and compare that to your arp table. Often
you will find more MAC addresses from the local network then you found IPs
form the local network. If you could not connect/ping a system locally,
but its MAC exists in your ARP table, that system most likely has some
firewalling or ICMP disabled. Just one more method of gathering information.

lance
Received on May 16 2001

[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
edgeos