|
Penetration Testing
mailing list archives
RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2
From: Lance Spitzner <lance () honeynet org>
Date: Tue, 15 May 2001 12:35:20 -0500 (CDT)
On Tue, 15 May 2001 railwayclubposse () hushmail com wrote:
You get the same results if the default Checkpoint ports are closed. You
still need to find one or two open ports, but they don't have to be on the
firewall itself. The giveaway is in how the headers are rewritten for one-
to-many NAT.
Let us not forget layer 2. Another great way to detect a firewall (and you
have access to the local network) is to do a ping sweep of the local network.
Take the list of IPs that responded and compare that to your arp table. Often
you will find more MAC addresses from the local network then you found IPs
form the local network. If you could not connect/ping a system locally,
but its MAC exists in your ARP table, that system most likely has some
firewalling or ICMP disabled. Just one more method of gathering information.
lance
 By Date 
By Thread
Current thread:
- Re: [PEN-TEST] Detecting the presence of a firewall, (continued)
|
Intro
