Re: [PEN-TEST] PIX Firewall Question

[Anubis The Godfather of Soul <chrome () VELVET NET>]

On Thu, 30 Nov 2000, Jon Vandiveer wrote:

> PixOS was "acquired" by Cisco. It is becoming more IOS'ish (PixOS 5.2), but
> is a proprietary OS.

Hrm, ok thank you. {learning more by the day here}

> I will scan our firewall and let you know if there are any "proprietary"
> ports open, but as Dom said it is pretty dependant on the config.
> I would think nMap could profile it.

Yeah, we're basically looking for some king of "standard" footprint this
little guy might leave so we'll know we've actually located it.

The IP we were curious about was this one:

Interesting ports on  (xx.xx.xxx.xxx):
(The 65526 ports scanned but not shown below are in state: closed)
Port       State       Service
23/tcp     open        telnet
68/tcp     filtered    bootpc
137/tcp    filtered    netbios-ns
138/tcp    filtered    netbios-dgm
139/tcp    filtered    netbios-ssn
2129/tcp   open        unknown
4129/tcp   open        unknown
6129/tcp   open        unknown
9129/tcp   open        unknown

TCP Sequence Prediction: Class=random positive increments
                         Difficulty=2911 (Medium)

Sequence numbers: 36E54D70 36E94F06 36ED6C69 36F18A5F 36F5AA62 36F9C64F
Remote operating system guess: Cisco IOS 11.3 - 12.0(11)


----

As you can see nmap shows it as IOS..

Feedback I've recieved so far says that this probably isn't the PIX.
Opinions?