RE: Fingerprinting PIX with nmap
- From: "Paul Melson" <pmelson@xxxxxxxxx>
- Date: Wed, 30 Apr 2008 13:20:58 -0400
> I got the following result while using nmap, the scan of port 25 gives the
> firewall brand, what should be the recommendation to disable that PIX
> fingerprinting?

Why would you recommend that they do anything about the fact that a port
scanner can identify the version of firewall that they're running? I mean,
aside from the obvious answer that you have no higher severity findings to
report.

> I guess disabling the mail guard "fixup smtp" on the pix is not a good idea.

Not for the sole purpose of avoiding detection by NMap. Know why? Because
the next time you run that scan, NMap will identify the mail server sitting
behind it instead of the PIX proxy. And as recon goes, identifying
OS/app/version of an internal server is more valuable than identifying the
brand (but not specific version) of the border firewall.
PaulM