Security Basics mailing list archives

Previous By Date Next
Previous By Thread Next

Re: How to detect whether firewall service is provided by server or by ISP?

From: Paul Johnston <paul.johnston () pentest co uk>
Date: Fri, 17 Sep 2010 11:21:10 +0100
Hi,

If some ports are allowed through the firewall you have a chance. I've
never done this, but in theory it will work in some circumstances:

Say port 80 is allowed. First, use tcptraceroute on that port to
discover the path distance (number of hops) to the target. Now pick a
port that isn't allowed. Again, use tcptraceroute to determine find the
last hop that gets a "ttl exceeded" reponse, before you get no responses
(because of the firewall).

If this is one less than the path distance, you can say with reasonable
certainty that it's a host firewall. Otherwise, this would imply a
router/front-end firewall.

Paul




On 16/09/2010 12:23, martin wrote:

I have two servers behind different networks. First network is
protected with firewall provided by the router and there is no
firewall in the server:

[root@martin ~]# nmap --reason -n -PN -p445 192.168.217.73

Starting Nmap 5.00 ( http://nmap.org ) at 2010-09-16 13:57 EEST
Interesting ports on 192.168.217.73:
PORT    STATE    SERVICE      REASON
445/tcp filtered microsoft-ds no-response

Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
[root@martint ~]#

The other server is in the second network and there is no firewall
service provided by the router, but firewall is activated in the
server:

[root@martin ~]# nmap --reason -n -PN -p9731 192.168.13.19

Starting Nmap 5.00 ( http://nmap.org ) at 2010-09-16 13:56 EEST
Interesting ports on 192.168.13.19:
PORT     STATE    SERVICE REASON
9731/tcp filtered unknown no-response

Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
[root@martin ~]#

Is there somehow possibility to detect, whether firewall is active in
the server or in the router?

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, 
how it benefits your company and how your customers can tell if a site is secure. You will find out how to test, 
purchase, install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for 
set-up are highlighted to help you ensure efficient ongoing management of your encryption keys and digital 
certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------






-- 
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK

------------------------------------------------------------------------
Securing Apache Web Server with thawte Digital Certificate
In this guide we examine the importance of Apache-SSL and who needs an SSL certificate.  We look at how SSL works, how 
it benefits your company and how your customers can tell if a site is secure. You will find out how to test, purchase, 
install and use a thawte Digital Certificate on your Apache web server. Throughout, best practices for set-up are 
highlighted to help you ensure efficient ongoing management of your encryption keys and digital certificates.

http://www.dinclinx.com/Redirect.aspx?36;4175;25;1371;0;5;946;e13b6be442f727d1
------------------------------------------------------------------------
Previous By Date Next
Previous By Thread Next

Current thread: