Re: Raptor Firewall

• Previous message: Lambott@aol.com: "NT/IIS decoy"
• In reply to: Stuart: "Raptor Firewall"
• Next in thread: Lambott@aol.com: "Re: Raptor Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 7 Dec 2001 10:41:41 +0000 (GMT)
From: "Alex Butcher (pentest)" <pentest@cocoa.demon.co.uk>
To: Stuart <stuart.hackinfo@btinternet.com>

On Fri, 7 Dec 2001, Stuart wrote:

> We've run a pentest against a customer recently and found that the very act
> of port scanning their Raptor firewall (running on NT) crippled its ability
> to accept incoming connections for their web site. The firewall is a new
> high spec PIII and the least line is a decent size. The nmap scans were
> standard timing (not T5 or anything daft) - once the scans were stopped,
> things burst back in to life within about 10minutes.

I experienced similar issues when scanning hosts behind a client's
Watchguard firewall. I (together with some help from this list) put it
down to built-in automatic IDS/blackholing of "naughty" hosts. I tried to
get the client to disable the functionality, but either it isn't possible
to disable completely, or...

I've never (knowingly) managed to break a Raptor FW in this way - usually
all I see is the same open port profile for all hosts and looking to the
world like some strange cross between NT and some flavour of UNIX. :)

> thanks
> Stuart
> IT Security Consultant, UK

Best Regards,
Alex.

-- 
Alex Butcher         Brainbench MVP for Internet Security: www.brainbench.com
Berkshire, UK      Is *your* company hiring UNIX/Security/Pen. testing folks?
PGP/GnuPG ID:0x271fd950                      http://www.cocoa.demon.co.uk/cv/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

• Previous message: Lambott@aol.com: "NT/IIS decoy"
• In reply to: Stuart: "Raptor Firewall"
• Next in thread: Lambott@aol.com: "Re: Raptor Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages Re: 0x80072EE7 ... Point the DNS Resolution to 4.2.2.2 ... Is the Windows firewall sufficient to replace Norton AV and Counterspy? ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ... (microsoft.public.windowsupdate) Re: 0x80072EE7 ... Is the Windows firewall sufficient to replace Norton AV and Counterspy? ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ... could just be a suggestion for a possible explanation for the problem ... (microsoft.public.windowsupdate) Re: Create restricted user account, 2003 server AD domain ... I originally created the security group 'def' as a domain local group. ... Note that user 'abc' is NOT listed as a member of the domain local group ... I verified this on both the domain server and the XP hosts ... (microsoft.public.windows.server.security) Re: 0x80072EE7 ... this problem with updating Microsoft. ... I have Norton Antivirus and Online Security. ... When I looked in the Hosts file as suggested in one resolution, ... could just be a suggestion for a possible explanation for the problem ... (microsoft.public.windowsupdate) RE: Testing load balanced servers behind NAT ... I'm not firewall expert, but you could use FIREWALKING(a traceroute-like ... free* solution in network security, ... is there any other documentation on identifying hosts behind ... accessible to the Internet. ... (Pen-Test)

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint