Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans

From: C Colon (foobar@asia.com)
Date: 06/05/02

• Next message: john.veldhuis@universal.nl: "Re: VPN without Firewall?!"
• Previous message: David D: "Re: failed logins from other domains"
• In reply to: Bernd Eckenfels: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Next in thread: Jens Hoffmann: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Reply: Jens Hoffmann: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

From: foobar@asia.com (C Colon)
Date: 4 Jun 2002 22:28:15 -0700

: In comp.security.misc omegatron <omegatron@hushmail.com> wrote:
: I am performing a penetration test for a client and I am trying to
: determine what type of firewall (which at this point is transparent
to
: me) is filtering traffic on the target network.

: Xmas Tree (-sX) and Null (-sN) scans against the same host lists all
: ports as OPEN. I haven't done a TCP Connect (-sT) scan yet, but
based
: on my other data using TCP Connect scans against the same network, I
: believe the ports will be in FILTERED state.
  
: Are these varying results indicative of any specific firewall
policies
: that may identify a particular firewall? Any help would be
: appreciated. Thanks...

Please ensure that by publishing scan results for public view, you are
not breaching any confidentiality agreements that you may have with
the client. I am not sure whether such a post would be in line with
what your client expects.

Regards
C:\>
-----------------------------------------------------
Kindly post replies to the newsgroups itself

---

• Next message: john.veldhuis@universal.nl: "Re: VPN without Firewall?!"
• Previous message: David D: "Re: failed logins from other domains"
• In reply to: Bernd Eckenfels: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Next in thread: Jens Hoffmann: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Reply: Jens Hoffmann: "Re: Firewall Identification via nmap SYN, Stealth FIN, Xmas Tree, and Null scans"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

---

Relevant Pages Presentation: Bypassing client application protection techniques with notepad ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ... (NT-Bugtraq) Presentation: Bypassing client application protection techniques with notepad ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ... (Bugtraq) [Full-Disclosure] Presentation: Bypassing client application protection techniques with notepad ... Bypassing client application protection techniques ... Kerio Personal Firewall 4.0 ... Last years were revolutionary for network services infrastructure ... (Full-Disclosure) RE: Force use of ISA Firewall Client ... the Firewall client automatically sends user credentials ... or the user account must be mirrored on the ISA 2004 firewall. ... But if you visit Websites or FTP, the web proxy has improved performance. ... (microsoft.public.windows.server.sbs) RE: SBS Premium, Secure Banking site, certificate = no joy ... firewall client installed cannot access a specific banking web site. ... settings and create the ISA rules. ... 825763 How to configure Internet access in Windows Small Business Server ... On the ISA Server computer, stop the Microsoft Firewall service. ... (microsoft.public.windows.server.sbs)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Newsgroups  > comp.security.misc  > 2002-06