Home page logo

pen-test logo Penetration Testing mailing list archives

Re: Firewall Type Fingerprinting
From: Volker Tanger <vtlists () wyae de>
Date: Sat, 21 Nov 2009 00:32:08 +0100

Am Thu, 19 Nov 2009 16:09:02 +0700
schrieb Zaki Akhmad <zakiakhmad () gmail com>:

Can we do firewall type fingerprinting? With what tools? I want to
know the type of the firewall in front of the web server.

Sometimes - if so, a simple portscan can tell things. Sometimes service
gateways / proxies are a giveaway

- There are typical ports for some firewalls 
  (services like http-auth, VPN-ports)

- Some FWs tell their name when using a Layer7 protocol filter.

- Some have a very distinct appearance in a portscan 
  (esp. Raptor / Symantec Enterprise).

- Some have specific modifications to the IKE protocol (use IKEscan).

- Some can be identified by NMAP / Hping2 OS scan.

Usually: the "tighter" a FW is configured the harder it is to find out
its brand, too...

I don't know any special tools - usually NMAP is sufficient for most of
the tests above. Plus a bit of experience to interpret the results
unless they are blantantly obvious from service names...




Volker Tanger    http://www.wyae.de/volker.tanger/
vtlists () wyae de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB

This list is sponsored by: Information Assurance Certification Review Board

Prove to peers and potential employers without a doubt that you can actually do a proper penetration test. IACRB CPT 
and CEPT certs require a full practical examination in order to become certified. 


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]