Re: Fingerprinting Firewall

From: intel96 (intel96_at_bellsouth.net)
Date: 04/11/05

  • Next message: Brett Moore: "[WHITEPAPER] Bugger The Debugger" 
    Date: Mon, 11 Apr 2005 14:20:53 -0400
To: pen-test@securityfocus.com

    One of the best way I have found to find out the type of firewall(s)
    used is through the company's HR site, which sometimes has a completing
    listing on firewalls, IDS, protocols, applications, and MUCH more.
    When this does not work I also check firewall mailing list for
    @targetcompany.com to see if anyone has posted.

    intel96

    Byron L. Sonne wrote:

    >
    >> We all know that, we can identify firewall using various methods and
    >> tools like "firewalk".
    >> Is there any method or tool available which will remotely fingerprint
    >> and enumerate rule
    >
    > > base configured on the firewall?
    >
    > Well, more accurately put firewalk does not identify firewalls as much
    > as it enumerates what kind of traffic will be passed as well as
    > allowing you to figure out ACLs in use.
    >
    > Generally speaking I don't think you'll be able to come up with
    > something along the lines of nmap that will allow you to determine
    > what kind of firewall is in place. Certainly not reliably for all
    > firewalls and in all situations; there's just to much variability in
    > how rules can be configured or traffic scrubbed.
    >
    > What I do think is possible is the creation of a tool that will narrow
    > the field down to a group of firewalls.
    >
    > However, I suppose that for peculiar situations, either from grievous
    > design error or peculiar configurations, certain firewalls might stick
    > out like a sore thumb. But my suspicions are that would be rare.
    >

  • Next message: Brett Moore: "[WHITEPAPER] Bugger The Debugger"
    • Quantcast