Re: Fingerprinting Firewall

• Previous message: Ernest Nelson: "RE: sql injection with order by"
• In reply to: Prashant Gawade: "Fingerprinting Firewall"
• Next in thread: intel96: "Re: Fingerprinting Firewall"
• Reply: intel96: "Re: Fingerprinting Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Date: Fri, 08 Apr 2005 20:13:23 -0400
To: Prashant Gawade <prashant.gawade@paladion.net>, pen-test@securityfocus.com

> We all know that, we can identify firewall using various methods and tools like "firewalk".
> Is there any method or tool available which will remotely fingerprint and enumerate rule
> base configured on the firewall?

Well, more accurately put firewalk does not identify firewalls as much
as it enumerates what kind of traffic will be passed as well as allowing
you to figure out ACLs in use.

Generally speaking I don't think you'll be able to come up with
something along the lines of nmap that will allow you to determine what
kind of firewall is in place. Certainly not reliably for all firewalls
and in all situations; there's just to much variability in how rules can
be configured or traffic scrubbed.

What I do think is possible is the creation of a tool that will narrow
the field down to a group of firewalls.

However, I suppose that for peculiar situations, either from grievous
design error or peculiar configurations, certain firewalls might stick
out like a sore thumb. But my suspicions are that would be rare.

• Previous message: Ernest Nelson: "RE: sql injection with order by"
• In reply to: Prashant Gawade: "Fingerprinting Firewall"
• Next in thread: intel96: "Re: Fingerprinting Firewall"
• Reply: intel96: "Re: Fingerprinting Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]