RE: Fingerprinting Firewall
From: David L Rice (drice39_at_cox.net)
Date: 04/14/05
- Previous message: Prashant Gawade: "Re: Mail Server problem / query"
- In reply to: Fatih OZAVCI: "Re: Fingerprinting Firewall"
- Next in thread: Clement Dupuis: "RE: Fingerprinting Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: <pen-test@securityfocus.com> Date: Thu, 14 Apr 2005 06:23:45 -0700
Symantec Firewalls will show 2456 tcp for version 8 or SGS 5400
For older raptor firewalls look for 416 and 417 tcp
-----Original Message-----
From: Fatih OZAVCI [mailto:fatih.ozavci@infosecurenet.com]
Sent: Wednesday, April 13, 2005 12:18 AM
To: Prashant Gawade
Cc: pen-test@securityfocus.com
Subject: Re: Fingerprinting Firewall
hi,
some firewalls (like checkpoint fw-1) have by-default open services, you can
detect firewall if this services or ports are open.
for example 256/18264/264 ports are open, this firewall is checkpoint fw-1.
also you can analyze tcp/ip fingerprints for firewall operation system
(*bsd, linux, solaris etc.)
good luck.
Fatih Ozavci
IT Security Consultant
Prashant Gawade wrote:
>
> hi
>
> We all know that, we can identify firewall using various methods and
tools like "firewalk".
> Is there any method or tool available which will remotely fingerprint and
enumerate rule base configured on the firewall?
>
>
> Prashant Vijayanand Gawade
> Paladion Networks
> Security Engineer
> Navi- Mumbai
>
- Previous message: Prashant Gawade: "Re: Mail Server problem / query"
- In reply to: Fatih OZAVCI: "Re: Fingerprinting Firewall"
- Next in thread: Clement Dupuis: "RE: Fingerprinting Firewall"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
