Re: [fw-wiz] Question about setting up PIX firewall

On 11/17/05, Paul D. Robertson <paul@xxxxxxxxxxxx> wrote:
> On Tue, 8 Nov 2005, Carric Dooley wrote:
> > Matthew... posting your firewall config (esp. in its entirety, and
> > apparently mostly unchanged) is a HUGE no-no. Someone footprinting your
> > company now has a lot of good info on how to smack you down...
> If your ruleset is sane, it really shouldn't matter. Just like posting
> the source to encryption algorithms, it's only really an issue if you have
> a significant flaw. No gaping holes and there shouldn't be anything an

I would strongly disagree, Paul. We can learn an enormous amount of
recon intelligence from Matthew's config.

1. We know he is using a PIX so we only have to look for exploits for that.

2. Domain name -> "domain-name spectrumdirect.local" and DNS server ->
"vpngroup SpectrumDirect dns-server"

3. His RFC1918 subnet ->
Which we may be able to exploit with source-routed packet attacks.
(I am not sure how well the PIX stands up to these.)

4. He is using a client-to-site VPN with split tunnelling enabled, so if we could
find a user's home PC and compromise it we could gain a significant
amount of access while the user is connected to the VPN.

5. We know the VPN config, so we can easily get our hands on the Cisco VPN client
and try to BF the password, because the AUTH is LOCAL and the BF
attempt probably won't be detected.

6. "telnet inside"
Telnet is used to administer the box, so if we can compromise the web
server inside we can probably sniff the PIX password and allow ourselves
whatever access we want.

These are just a few ideas I pulled off the top of my head. Matthew
Davis, if you are reading this, I strongly advise you to request that the
firewall-wizards mailing list pull your post off their servers and
also request that Google do the same; however, more than likely your post
has already been cached and/or skimmed.
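The points above amount to a checklist of what a posted config gives away: platform and version, internal naming and DNS, RFC1918 addressing, split tunnelling, local VPN authentication, and clear-text management access. The script below is an added example written for this thread, not code from the list or from any of the posters: it scans a PIX-style config for exactly those items before it is shared, and produces a redacted copy. The sample config is constructed (every hostname, domain, address and hash is made up), the command syntax is the PIX 6.x form as the author of this example recalls it, and the rule labels and function names are the example's own.

```python
"""Pre-posting audit for a PIX-style firewall configuration (constructed example).

audit()  lists the disclosures a reviewer would flag before a config is posted.
redact() rewrites credentials, internal names and RFC1918 addresses to placeholders.
"""
import ipaddress
import re

# Constructed sample in PIX 6.x syntax; no value here belongs to a real device.
SAMPLE_CONFIG = """\
PIX Version 6.3(4)
hostname pixfw
domain-name example.local
enable password 8Ry2YjIyt7RRXU24 encrypted
passwd 2KFQnbNIdI.2KYOU encrypted
ip address outside 203.0.113.10 255.255.255.0
ip address inside 192.168.10.1 255.255.255.0
aaa-server LOCAL protocol local
aaa authentication telnet console LOCAL
vpngroup remote-users dns-server 192.168.10.5
vpngroup remote-users default-domain example.local
vpngroup remote-users split-tunnel split_acl
vpngroup remote-users password ********
telnet 192.168.10.0 255.255.255.0 inside
http 192.168.10.0 255.255.255.0 inside
"""

# (finding label, pattern) pairs; labels follow the points raised in the reply.
RULES = [
    ("platform version disclosed", re.compile(r"^PIX Version\s+\S+", re.I)),
    ("hostname disclosed", re.compile(r"^hostname\s+\S+", re.I)),
    ("internal domain name disclosed",
     re.compile(r"^domain-name\s+\S+|default-domain\s+\S+", re.I)),
    ("internal DNS server disclosed",
     re.compile(r"vpngroup\s+\S+\s+dns-server\s+\S+", re.I)),
    ("split tunnelling enabled",
     re.compile(r"vpngroup\s+\S+\s+split-tunnel\s+\S+", re.I)),
    ("local authentication for remote access",
     re.compile(r"^aaa authentication\b.*\bLOCAL\b", re.I)),
    ("telnet management enabled", re.compile(r"^telnet\s+\d", re.I)),
    ("credential hash present",
     re.compile(r"^(enable password|passwd|vpngroup\s+\S+\s+password)\s+\S+", re.I)),
]

IPV4 = re.compile(r"\b(\d{1,3}(?:\.\d{1,3}){3})\b")
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_rfc1918(addr):
    """True only for the three RFC1918 ranges (masks and TEST-NET are excluded)."""
    try:
        ip = ipaddress.ip_address(addr)
    except ValueError:
        return False
    return any(ip in net for net in RFC1918)


def audit(config_text):
    """Return a list of (label, line_number, line) findings for config_text."""
    findings = []
    for num, line in enumerate(config_text.splitlines(), 1):
        stripped = line.strip()
        for label, rx in RULES:
            if rx.search(stripped):
                findings.append((label, num, stripped))
        if any(is_rfc1918(a) for a in IPV4.findall(stripped)):
            findings.append(("RFC1918 internal address", num, stripped))
    return findings


def redact(config_text):
    """Return config_text with secrets, names and private addresses replaced.

    Structural facts (split tunnel, telnet, LOCAL auth) are deliberately kept,
    since those are what the reader of a config question needs to see.
    """
    out = []
    for line in config_text.splitlines():
        line = re.sub(r"^(enable password|passwd)\s+\S+", r"\1 <REDACTED>", line)
        line = re.sub(r"^(vpngroup\s+\S+\s+password)\s+\S+", r"\1 <REDACTED>", line)
        line = re.sub(r"^(hostname|domain-name)\s+\S+", r"\1 <REDACTED>", line)
        line = re.sub(r"(default-domain)\s+\S+", r"\1 <REDACTED>", line)
        line = IPV4.sub(lambda m: "<RFC1918>" if is_rfc1918(m.group(1)) else m.group(1), line)
        out.append(line)
    return "\n".join(out)


if __name__ == "__main__":
    for label, num, line in audit(SAMPLE_CONFIG):
        print(f"line {num:>2}: {label:<40} | {line}")
    print("\n--- redacted ---\n" + redact(SAMPLE_CONFIG))
```

Run it on a saved config before pasting it into a mailing list; anything `audit()` reports is something a reader of the list could also read, and `redact()` keeps the parts that matter for the question while removing the parts that only help a footprinter.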

firewall-wizards mailing list