RE: Firewalls & SSL
From: Yoann Le Corvic (Yoann.LeCorvic@linkvest.com)Date: 10/10/01
- Previous message: Steve Cogan: "Re: Pen-Testing Lotus Notes/Domino"
- Maybe in reply to: niumal weerasena: "Firewalls & SSL"
- Next in thread: Paul Midian: "RE: Firewalls & SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Subject: RE: Firewalls & SSL Date: Wed, 10 Oct 2001 10:03:11 +0200 Message-ID: <B45465FD9C23D21193E90000F8D0F3DF01C1FAAD@mailsrv.linkvest.com> From: "Yoann Le Corvic" <Yoann.LeCorvic@linkvest.com> To: "niumal weerasena" <niumal@yahoo.com>, <pen-test@securityfocus.com>
Hello
> 1) How do I determine the router and firewall IPs and
> type of firewalls/router used?
>
Have you tried the -O option of NMAP, that could at least give you a
guess of the OS on which the firewall is running, and at best, the type
of firewall
> 2) How can I bypass the firewall to exploit the open
> ports on the servers?
The only thing I can think of here is to use packet fragmentation. That
worked in the past, but more an more firewalls have fixed the problem
>
> 3) How can I exploit secured (SSL) web server?
>
I would think the same way you would do a not secure one. For example,
you can still attempt unicode exploits, wether it is https or not, just
replace http by https. Unless they use authentication as well...
> Appreciate any useful information from anyone out
> there........
>
> Thanks,
> Niumal
>
>
> =====
> Niumal Weerasena
> Mobile : +6 012 - 2112654
> Email : niumal@yahoo.com
>
> __________________________________________________
> Do You Yahoo!?
> NEW from Yahoo! GeoCities - quick and easy web site hosting,
> just $8.95/month.
> http://geocities.yahoo.com/ps/info1
>
> --------------------------------------------------------------
> --------------
> This list is provided by the SecurityFocus Security
> Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security
> vulnerabilities please see:
> https://alerts.securityfocus.com/
>
>
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
- Previous message: Steve Cogan: "Re: Pen-Testing Lotus Notes/Domino"
- Maybe in reply to: niumal weerasena: "Firewalls & SSL"
- Next in thread: Paul Midian: "RE: Firewalls & SSL"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
|
