Home page logo
/

pen-test logo Penetration Testing mailing list archives

Firewalls & SSL
From: niumal weerasena <niumal () yahoo com>
Date: Tue, 9 Oct 2001 10:57:15 -0700 (PDT)

Hi there,

I am currently performing a blind pen-test for a
client who uses more than 2 types of firewalls and has
a secured web server. I have done nmap FIN scans
(other scans failed) on the secured web server and the
rest of the class C address range and found several
ip’s responding. It shows many open ports such as FTP,
SMTP, Telnet,BO2K etc. 

However I cannot exploit/connect to these ports using
“telnet”, “ftp” & “hping” because of the firewalls (I
suspect!!). I also know that the web server is using
Windows 2000 server and I suspect it is located behind
2 firewalls(because traceroute shows additional ip hop
for the web server) that only allows port 443 to be
accessed. 

Based on the above, below are my queries:
1)      How do I determine the router and firewall IPs and
type of firewalls/router used?

2)      How can I bypass the firewall to exploit the open
ports on the servers?

3)      How can I exploit secured (SSL) web server?

Appreciate any useful information from anyone out
there……..

Thanks,
Niumal


=====
Niumal Weerasena
Mobile : +6 012 - 2112654
Email : niumal () yahoo com

__________________________________________________
Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.
http://geocities.yahoo.com/ps/info1

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]
AlienVault