Penetration Testing mailing list archives
RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2
From: Lance Spitzner <lance () honeynet org>
Date: Tue, 15 May 2001 12:35:20 -0500 (CDT)
On Tue, 15 May 2001 railwayclubposse () hushmail com wrote:
You get the same results if the default Checkpoint ports are closed. You still need to find one or two open ports, but they don't have to be on the firewall itself. The giveaway is in how the headers are rewritten for one- to-many NAT.
Let us not forget layer 2. Another great way to detect a firewall (and you have access to the local network) is to do a ping sweep of the local network. Take the list of IPs that responded and compare that to your arp table. Often you will find more MAC addresses from the local network then you found IPs form the local network. If you could not connect/ping a system locally, but its MAC exists in your ARP table, that system most likely has some firewalling or ICMP disabled. Just one more method of gathering information. lance
Current thread:
- [PEN-TEST] Detecting the presence of a firewall priya subramanian (May 11)
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall MadHat (May 14)
- <Possible follow-ups>
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 14)
- Re: [PEN-TEST] Detecting the presence of a firewall Mule, Andrew (May 14)
- Re: [PEN-TEST] Detecting the presence of a firewall PinGer (May 16)
- RE: [PEN-TEST] Detecting the presence of a firewall Geoghegan, Glyn (ISS London) (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall Frank Knobbe (May 14)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall - Layer 2 Lance Spitzner (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall Balunos, Don (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall Frank Knobbe (May 15)
- RE: [PEN-TEST] Detecting the presence of a firewall railwayclubposse (May 16)
- RE: [PEN-TEST] Detecting the presence of a firewall Ansar Mohammed (May 14)