Security Basics mailing list archives
Re: How to detect whether firewall service is provided by server or by ISP?
From: Paul Johnston <paul.johnston () pentest co uk>
Date: Fri, 17 Sep 2010 11:21:10 +0100
Hi,

If some ports are allowed through the firewall you have a chance. I've never done this, but in theory it will work in some circumstances:

Say port 80 is allowed. First, use tcptraceroute on that port to discover the path distance (number of hops) to the target.

Now pick a port that isn't allowed. Again, use tcptraceroute to find the last hop that gets a "ttl exceeded" response, before you get no responses (because of the firewall).

If this is one less than the path distance, you can say with reasonable certainty that it's a host firewall. Otherwise, this would imply a router/front-end firewall.

Paul

On 16/09/2010 12:23, martin wrote:
I have two servers behind different networks. The first network is protected with a firewall provided by the router and there is no firewall in the server:

    [root@martin ~]# nmap --reason -n -PN -p445 192.168.217.73

    Starting Nmap 5.00 ( http://nmap.org ) at 2010-09-16 13:57 EEST
    Interesting ports on 192.168.217.73:
    PORT    STATE    SERVICE      REASON
    445/tcp filtered microsoft-ds no-response

    Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
    [root@martint ~]#

The other server is in the second network and there is no firewall service provided by the router, but a firewall is activated in the server:

    [root@martin ~]# nmap --reason -n -PN -p9731 192.168.13.19

    Starting Nmap 5.00 ( http://nmap.org ) at 2010-09-16 13:56 EEST
    Interesting ports on 192.168.13.19:
    PORT     STATE    SERVICE REASON
    9731/tcp filtered unknown no-response

    Nmap done: 1 IP address (1 host up) scanned in 2.15 seconds
    [root@martin ~]#

Is there somehow a possibility to detect whether the firewall is active in the server or in the router?
--
Pentest - When a tick in the box is not enough

Paul Johnston - IT Security Consultant / Tiger SST
Pentest Limited - ISO 9001 (cert 16055) / ISO 27001 (cert 558982)

Office: +44 (0) 161 233 0100
Mobile: +44 (0) 7817 219 072

Email policy: http://www.pentest.co.uk/legal.shtml#emailpolicy
Registered Number: 4217114 England & Wales
Registered Office: 26a The Downs, Altrincham, Cheshire, WA14 2PU, UK
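Added example, not part of the original thread: the hop comparison Paul describes, in Python, run over constructed tcptraceroute-style output. The output layout, the addresses (documentation ranges) and the function names are assumptions; the code also reports "inconclusive" when the hops in question were silent on the allowed port as well, since routers that never send "ttl exceeded" would otherwise be mistaken for a firewall.

```python
import re
TARGET = "198.51.100.20"  # constructed sample data (documentation address ranges)
ALLOWED = """\
Tracing the path to 198.51.100.20 on TCP port 80 (http), 30 hops max
 1  192.0.2.1  0.4 ms  0.4 ms  0.4 ms
 2  203.0.113.1  5.1 ms  5.0 ms  5.2 ms
 3  203.0.113.9  9.8 ms  9.7 ms  9.9 ms
 4  198.51.100.20 [open]  10.1 ms  10.0 ms  10.2 ms
"""
# Constructed: blocked port, replies stop one hop short of the target.
BLOCKED_AT_HOST = """\
 1  192.0.2.1  0.4 ms  0.4 ms  0.4 ms
 2  203.0.113.1  5.1 ms  5.0 ms  5.2 ms
 3  203.0.113.9  9.8 ms  9.7 ms  9.9 ms
 4  * * *
"""
# Constructed: blocked port, replies stop two hops short of the target.
BLOCKED_UPSTREAM = """\
 1  192.0.2.1  0.4 ms  0.4 ms  0.4 ms
 2  203.0.113.1  5.1 ms  5.0 ms  5.2 ms
 3  * * *
"""
HOP = re.compile(r"^\s*(\d+)\s+(\S+)")

def parse_hops(text):
    """Map hop number -> responder address, or None for a silent hop ('* * *')."""
    hops = {}
    for line in text.splitlines():
        m = HOP.match(line)
        if m:
            hops[int(m.group(1))] = None if m.group(2) == "*" else m.group(2)
    return hops

def locate_filter(allowed_trace, blocked_trace, target):
    allowed, blocked = parse_hops(allowed_trace), parse_hops(blocked_trace)
    # Path distance: the hop at which the target answered on the allowed port.
    distance = next((n for n, a in sorted(allowed.items()) if a == target), None)
    if distance is None:
        return "inconclusive: target never answered on the allowed port"
    if target in blocked.values():
        return "not filtered: target answered on the second port"
    # Last hop that still returned "ttl exceeded" for the blocked port.
    last = max((n for n, a in blocked.items() if a and n < distance), default=0)
    if last == distance - 1:
        return "host firewall"
    # Routers that never send "ttl exceeded" look like a firewall; rule them out.
    if not any(allowed.get(n) for n in range(last + 1, distance)):
        return "inconclusive: hops after %d are silent on the allowed port too" % last
    return "router/front-end firewall (last reply from hop %d of %d)" % (last, distance)
```

The result is only as good as the assumption that both ports follow the same path, so repeat both traces before drawing a conclusion.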
Current thread:
- How to detect whether firewall service is provided by server or by ISP? martin (Sep 16)
- Re: How to detect whether firewall service is provided by server or by ISP? TAS (Sep 16)
- Re: How to detect whether firewall service is provided by server or by ISP? Ansgar Wiechers (Sep 17)
- Re: How to detect whether firewall service is provided by server or by ISP? Paul Johnston (Sep 17)
- Re: How to detect whether firewall service is provided by server or by ISP? Nikhil Wagholikar (Sep 17)
- RE: How to detect whether firewall service is provided by server or by ISP? Demetris Papapetrou (Sep 20)