Re: [fw-wiz] Question about setting up PIX firewall



On 11/17/05, Paul D. Robertson <paul@xxxxxxxxxxxx> wrote:
> On Tue, 8 Nov 2005, Carric Dooley wrote:
>
> > Matthew... posting your firewall config (esp. in its entirety, an
> > apparenlty mostly unchanged) is a HUGE no-no. Somone footprinting your
> > company now has a lot of good info how to smack you down...
>
> If your ruleset is sane, it really shouldn't matter. Just like posting
> the source to encryption algorithms, it's only really an issue if you have
> a significant flaw. No gaping holes and there shouldn't be anything an

I would strongly disagree Paul. We can learn an enormous amount of
recon intelligence from Matthews config.

1. We know he is using a PIX so we only have to look for exploits for that.

2. Domain name-> domain-name spectrumdirect.local and dns server
vpngroup SpectrumDirect dns-server 192.168.1.250
192.168.1.250

3. His rfc1918 subnet-> 192.168.1.128 255.255.255.128
Which we may be able to exploit with source routed packet attacks.
(I am not sure how well the PIX stands up to these)

3.He is using a client to site vpn with split tunnellling enabled so if we could
find a users home PC and compromise it we could gain a significant
amount of access while the user is connected to the vpn.

4. We know the vpn config so we can easily get our hands on the cisco vpn client
and try to BF the password because the AUTH is LOCAL and the BF
attempt probably won't be detected.

5. telnet 192.168.1.0 255.255.255.0 inside
Telnet is used to administer the box so if we can compromise the web
server inside we can
probably sniff the pix passsword and allow ourselves whatever access we want.

These are just a few ideas I pulled of the top of my head. Matthew
Davis if you are reading this I strongly adivse you to request the
firewall wizards mailing list pull your post off their servers and
also request google to do the same however more than likely your post
has
allready been cached and or skimmed.

--
James
_______________________________________________
firewall-wizards mailing list
firewall-wizards@xxxxxxxxxxxxxxxxxx
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards



Relevant Pages