Penetration Testing mailing list archives
Re: [PEN-TEST] Detecting the presence of a firewall / identifying firewalls
From: david.hyams () eycom ch
Date: Wed, 16 May 2001 12:15:40 +0100
A number of people have mentioned ports 256-258, 264, etc. Another good port to try is 900, if it's open then try pointing your browser to it, i.e. http://<ip of firewall>:900 Also, try telnet'ing to the SMTP port of the MAIL SERVER (not firewall). If the SMTP security server is configured then you might be lucky enough to see the default banner: "CheckPoint Firewall-1 secure SMTP Server". Hmmm, smells a bit like a Firewall-1... Incidentally, I just put an article "Identifying Firewalls" on my web site, try http://www.kmu-security.ch/identifyingfirewalls.htm (The checkpoint stuff is near the end of the article). This article was intended as a non-technical guide showing how an attacker can identify the company firewall. Having written it I now realise that I've only scraped the surface, and that numerous additional methods must exist for most firewalls. If there's sufficient demand, then maybe I'll write a second, more technical version, with more details and additional firewalls. regards David Hyams http://www.kmu-security.ch P.S. My site has only been up for a couple of days so please be gentle! If you've got any comments / criticisms then please let me know!
Current thread:
- Re: [PEN-TEST] Detecting the presence of a firewall / identifying firewalls david . hyams (May 16)