Home page logo

pen-test logo Penetration Testing mailing list archives

Firewalls & SSL
From: niumal weerasena <niumal () yahoo com>
Date: Tue, 9 Oct 2001 10:57:15 -0700 (PDT)

Hi there,

I am currently performing a blind pen-test for a
client who uses more than 2 types of firewalls and has
a secured web server. I have done nmap FIN scans
(other scans failed) on the secured web server and the
rest of the class C address range and found several
ip’s responding. It shows many open ports such as FTP,
SMTP, Telnet,BO2K etc. 

However I cannot exploit/connect to these ports using
“telnet”, “ftp” & “hping” because of the firewalls (I
suspect!!). I also know that the web server is using
Windows 2000 server and I suspect it is located behind
2 firewalls(because traceroute shows additional ip hop
for the web server) that only allows port 443 to be

Based on the above, below are my queries:
1)      How do I determine the router and firewall IPs and
type of firewalls/router used?

2)      How can I bypass the firewall to exploit the open
ports on the servers?

3)      How can I exploit secured (SSL) web server?

Appreciate any useful information from anyone out


Niumal Weerasena
Mobile : +6 012 - 2112654
Email : niumal () yahoo com

Do You Yahoo!?
NEW from Yahoo! GeoCities - quick and easy web site hosting, just $8.95/month.

This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]