RE: Fingerprinting Firewall

From: rzaluski (rzaluski_at_ivolution.ca)
Date: 04/11/05

  • Next message: Chris Mitchell: "RE: Rogue AP Wireless on Windows/Linux"
    To: "'intel96'" <intel96@bellsouth.net>, <pen-test@securityfocus.com>
    Date: Mon, 11 Apr 2005 17:33:23 -0400
    
    
    

    Another good way is to search job listings that deal with the company with
    Online Job postings.. You can get a lot of information just from that
    including such things as Firewall makes, models as well as their internal
    architectures / systems.

    Richard Zaluski
    CISO, Security and Infrastructure Services
    iVOLUTION Technologies Incorporated
    905.309.1911
    866.601.4678
    www.ivolution.ca
    rzaluski@ivolution.ca
     
    Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D
     
    =======================================================================
    CONFIDENTIALITY NOTICE: This email message, including any
    attachments, is for the sole use of the intended recipient(s) and may
    contain confidential and privileged information. If you are not the
    intended recipient, please contact the sender. Any unauthorized review,
    use, disclosure, or distribution is prohibited.
    =======================================================================
    -----Original Message-----
    From: intel96 [mailto:intel96@bellsouth.net]
    Sent: Monday, April 11, 2005 2:21 PM
    To: pen-test@securityfocus.com
    Subject: Re: Fingerprinting Firewall

    One of the best way I have found to find out the type of firewall(s)
    used is through the company's HR site, which sometimes has a completing
    listing on firewalls, IDS, protocols, applications, and MUCH more.
    When this does not work I also check firewall mailing list for
    @targetcompany.com to see if anyone has posted.

    intel96

    Byron L. Sonne wrote:

    >
    >> We all know that, we can identify firewall using various methods and
    >> tools like "firewalk".
    >> Is there any method or tool available which will remotely fingerprint
    >> and enumerate rule
    >
    > > base configured on the firewall?
    >
    > Well, more accurately put firewalk does not identify firewalls as much
    > as it enumerates what kind of traffic will be passed as well as
    > allowing you to figure out ACLs in use.
    >
    > Generally speaking I don't think you'll be able to come up with
    > something along the lines of nmap that will allow you to determine
    > what kind of firewall is in place. Certainly not reliably for all
    > firewalls and in all situations; there's just to much variability in
    > how rules can be configured or traffic scrubbed.
    >
    > What I do think is possible is the creation of a tool that will narrow
    > the field down to a group of firewalls.
    >
    > However, I suppose that for peculiar situations, either from grievous
    > design error or peculiar configurations, certain firewalls might stick
    > out like a sore thumb. But my suspicions are that would be rare.
    >

    
    


  • Next message: Chris Mitchell: "RE: Rogue AP Wireless on Windows/Linux"

    Relevant Pages

    • Re: Fingerprinting Firewall
      ... I think of a particular case where you are able to sniff layer two ... traffic in the firewall segment and this firewall is an ... > However, I suppose that for peculiar situations, either from grievous ... > design error or peculiar configurations, ...
      (Pen-Test)
    • RE: Symantec SGS Gateway Firewall DoS vulnerability
      ... Well we have been fiddling with some configurations in ... SGS but haven't blocked DoS so far. ... firewall getting choked up. ...
      (Pen-Test)
    • RE: Internet Services Manager
      ... See ISM/MMC Does Not Work Through a Firewall ... The HTMLA uses TCP port 80, which is open on most firewalls for Web traffic ... require additional configurations mentioned in the online documentation for ... Use the ISM MMC over PPTP ...
      (Focus-Microsoft)
    • Re: Norton Internet Security 2002 Problems
      ... >I have setup some rules that permit connections to certain machines on ... at times the firewall does not let those ... >do not support custom configurations and that they would have to ... Good reasons to avoid Symantec, aside from the fact that their ...
      (comp.security.firewalls)
    • Re: Norton Internet Security 2002 Problems
      ... at times the firewall does not let those ... >When asked what was improperly configured their response was that they ... >do not support custom configurations and that they would have to ... >a bug in their software, they said that their software was tested by ...
      (comp.security.firewalls)