RE: Fingerprinting Firewall

From: Clement Dupuis (cdupuis_at_cccure.org)
Date: 04/14/05

    To: <pen-test@securityfocus.com>
    Date: Wed, 13 Apr 2005 23:11:49 -0400
    
    

    Take a look at the ISSAF; it has a nice section on common ways to test
    firewalls and a lot of those identification items mentioned below.

    You can find it at:

    http://www.professionalsecuritytesters.org/modules.php?name=News&file=article&sid=287

    Enjoy

    Clement

    Clement Dupuis, CD
    CCCure Enterprise Security & Training Inc.
    CISSP, GCFW, GCIA, Security+, CEH, CCSA, CCSE, ACE
    President/Chief Learning Officer (CLO)
    Tel: 954 364 8410 (Florida)
    Tel: 819 340 0138 (Quebec)
    Fax: 636 773 6328

    Maintainer of :

    The CISSP and SSCP Open Study Guides Web Site
    http://www.cccure.org

    The Professional Security Testers Warehouse
    http://www.professionalsecuritytesters.org
      

    -----Original Message-----
    From: Fatih OZAVCI [mailto:fatih.ozavci@infosecurenet.com]
    Sent: Wednesday, April 13, 2005 3:18 AM
    To: Prashant Gawade
    Cc: pen-test@securityfocus.com
    Subject: Re: Fingerprinting Firewall

    hi,

    some firewalls (like checkpoint fw-1) have by-default open services, you
    can detect the firewall if these services or ports are open.

    for example, if ports 256/18264/264 are open, the firewall is checkpoint fw-1.

    also you can analyze tcp/ip fingerprints for the firewall operating system
    (*bsd, linux, solaris etc.)

    good luck.

    Fatih Ozavci
    IT Security Consultant

    Prashant Gawade wrote:
    >
    > hi
    >
    > We all know that, we can identify firewall using various methods and
    > tools like "firewalk".
    > Is there any method or tool available which will remotely fingerprint and
    > enumerate rule base configured on the firewall?
    >
    >
    > Prashant Vijayanand Gawade
    > Paladion Networks
    > Security Engineer
    > Navi- Mumbai
    >
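
The default-open ports named in the thread (256, 264, 18264) also give defenders a signature to watch for. As an added example that is not part of the original thread, this Python code flags any source that touches several of those ports on one host within a short window; the log format, addresses, threshold and window are constructed assumptions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Ports the thread names as open by default on Check Point FW-1.
FW1_PORTS = {256, 264, 18264}

# Assumed (constructed) log format: "<ISO time> <action> TCP <src>:<sport> -> <dst>:<dport>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) (?P<action>\w+) TCP (?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

# Constructed sample lines using documentation address ranges.
SAMPLE_LOG = """\
2005-04-13T03:18:01 DROP TCP 203.0.113.7:40112 -> 192.0.2.1:256
2005-04-13T03:18:02 DROP TCP 203.0.113.7:40113 -> 192.0.2.1:264
2005-04-13T03:18:03 ACCEPT TCP 198.51.100.20:51000 -> 192.0.2.10:443
2005-04-13T03:18:04 DROP TCP 203.0.113.7:40114 -> 192.0.2.1:18264
2005-04-13T03:19:30 DROP TCP 198.51.100.20:51001 -> 192.0.2.1:264
2005-04-13T04:40:00 DROP TCP 198.51.100.20:51002 -> 192.0.2.1:256
not a log line
"""

def find_fw1_probes(log_text, min_ports=2, window=timedelta(minutes=5)):
    """Map (src, dst) to the FW-1 ports a source hit on one host within window."""
    hits = defaultdict(list)  # (src, dst) -> [(time, port), ...]
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines instead of failing
        port = int(m["dport"])
        if port in FW1_PORTS:
            hits[(m["src"], m["dst"])].append((datetime.fromisoformat(m["ts"]), port))
    alerts = {}
    for key, events in hits.items():
        events.sort()
        best = set()
        for i, (start, _) in enumerate(events):
            # Distinct signature ports seen in the window opening at this event.
            seen = {p for t, p in events[i:] if t - start <= window}
            if len(seen) > len(best):
                best = seen
        if len(best) >= min_ports:
            alerts[key] = sorted(best)
    return alerts

if __name__ == "__main__":
    for (src, dst), ports in find_fw1_probes(SAMPLE_LOG).items():
        print(f"{src} probed FW-1 ports {ports} on {dst}")
```

A single connection to one of these ports is not flagged; only a source that reaches `min_ports` distinct signature ports inside the window is reported.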

