Penetration Testing mailing list archives

Re: [PEN-TEST] Firewalking

From: Jan Muenther <jan () RADIO HUNDERT6 DE>
Date: Wed, 7 Mar 2001 10:36:34 +0000

Hi,

What would be the best way to determine what kind of firewall is running on
a server? Especially one that does not give out any banners.
TCP-fingerprinting is not possible because there are no obvious open ports.


depends, I'd say. If they pass in (and let out) some ICMP types /
codes, you might be able to fingerprint them on that. I think it
was either Dragos Riu or Clayton Fiske, but one of them wrote an
excellent paper about ICMP fingerprinting.

Cheers, Jan
--
Radio HUNDERT,6 Medien GmbH Berlin
- EDV -
j.muenther () radio hundert6 de

Current thread:

[PEN-TEST] Firewalking Pepijn Vissers (Mar 06)
- Re: [PEN-TEST] Firewalking Tom Vandepoel (Mar 06)
- Re: [PEN-TEST] Firewalking Enno Rey (Mar 06)
  - Re: [PEN-TEST] Firewalking Alberto Román (Mar 07)
- Re: [PEN-TEST] Firewalking honoriak (Mar 06)
- Re: [PEN-TEST] Firewalking Ivan Buetler (Mar 07)
- Re: [PEN-TEST] Firewalking Jan Muenther (Mar 07)
  - [PEN-TEST] RES: [PEN-TEST] Firewalking Cristiano Lincoln Mattos (Mar 07)
- <Possible follow-ups>
- Re: [PEN-TEST] Firewalking Woch, Wojciech (Mar 08)