Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Pentesting Old unsupported Firewall Appliances
From: vtlists () wyae de
Date: Tue, 12 Jun 2007 09:48:22 +0200

Harold Castro writes:

I'm new in pen testing.
Recently, I came across this firewall appliance
running Apache/1.3.26 (Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an
external pentest.

The nmap output on OS fingerprinting and service
detection looks like:

Running (JUST GUESSING) : Nokia IPSO (98%), Checkpoint
IPSO (90%) OS fingerprint not ideal because: Missing a
closed TCP port so results incomplete Aggressive OS
guesses: Nokia IP650 firewall appliance (runs IPSO 4.0
and CheckPoint Firewall-1/VPN-1 software) (98%), Nokia
IPSO 4.1Build19 firewall (94%), Checkpoint VPN-1
running IPSO 4.1 (90%)

According to nessus and nikto scans, the apache and
mod_ssl running on this particular host has several
high risk vulnerabilities.

Hmmm - are you sure that the apache is running on the firewall? I think a simple incoming NAT port forwarding to a separate server is more probable than an apache on the Checkpoint/Nokia appliance. You can crosscheck the NMAP result with an ikescan if you test if there are CKP-specific ports open (FW1topo comes to mind) or for the checkpoint-specific IKE modes, which will give you the exact CKP version, too.




Volker Tanger    http://www.wyae.de/volker.tanger/
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

This List Sponsored by: Cenzic

Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]