|
Penetration Testing
mailing list archives
Re: RE: RE: PIX and ttl
From: "Fernando Cardoso" <fernando.cardoso () whatevernet com>
Date: Mon, 28 May 2001 20:28:59 +0100
[...]
The work around is break in and NMAP from the internal network ;)
Another option is to do some research on the possibility of
doing fingerprinting on the other TCP states (ESTABILISHED, FIN_WAIT,
...).
A method I use to discover windows machines behind a statefull
aware firewall with syndefender is to create ESTABILISHED connections
and analyze the ip.id increments. This analysis can be expanded to
otherfields of the packets and other states by doing some research.
That's my approach too. DF field and window sizes (if stuff like
Packeteer are not used) can be also used. If pinging is enabled Ofir
Arkin's papers would be valuable too.
Perhaps a fingerprinting system that uses traces from a
tcpdumpsession? anyone?
That would be a nice tool. I wonder if siphon already does part of the
job? I don't the code right now to check...
Um abraco
Fernando
_____________________________________________________________________
INTERNET MAIL FOOTER
A presente mensagem pode conter informação considerada confidencial.
Se o receptor desta mensagem não for o destinatário indicado, fica
expressamente proibido de copiar ou endereçar a mensagem a terceiros.
Em tal situação, o receptor deverá destruir a presente mensagem e por
gentileza informar o emissor de tal facto.
---------------------------------------------------------------------
Privileged or confidential information may be contained in this
message. If you are not the addressee indicated in this message, you
may not copy or deliver this message to anyone. In such case, you
should destroy this message and kindly notify the sender by reply
email.
---------------------------------------------------------------------
 By Date 
By Thread
Current thread:
- RE: PIX and ttl, (continued)
| 
Intro
