Penetration Testing mailing list archives
RE: Fingerprinting Firewall
From: "rzaluski" <rzaluski () ivolution ca>
Date: Mon, 11 Apr 2005 17:33:23 -0400
Another good way is to search job listings that deal with the company with Online Job postings.. You can get a lot of information just from that including such things as Firewall makes, models as well as their internal architectures / systems. Richard Zaluski CISO, Security and Infrastructure Services iVOLUTION Technologies Incorporated 905.309.1911 866.601.4678 www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: intel96 [mailto:intel96 () bellsouth net] Sent: Monday, April 11, 2005 2:21 PM To: pen-test () securityfocus com Subject: Re: Fingerprinting Firewall One of the best way I have found to find out the type of firewall(s) used is through the company's HR site, which sometimes has a completing listing on firewalls, IDS, protocols, applications, and MUCH more. When this does not work I also check firewall mailing list for @targetcompany.com to see if anyone has posted. intel96 Byron L. Sonne wrote:
We all know that, we can identify firewall using various methods and tools like "firewalk". Is there any method or tool available which will remotely fingerprint and enumerate rulebase configured on the firewall?Well, more accurately put firewalk does not identify firewalls as much as it enumerates what kind of traffic will be passed as well as allowing you to figure out ACLs in use. Generally speaking I don't think you'll be able to come up with something along the lines of nmap that will allow you to determine what kind of firewall is in place. Certainly not reliably for all firewalls and in all situations; there's just to much variability in how rules can be configured or traffic scrubbed. What I do think is possible is the creation of a tool that will narrow the field down to a group of firewalls. However, I suppose that for peculiar situations, either from grievous design error or peculiar configurations, certain firewalls might stick out like a sore thumb. But my suspicions are that would be rare.
Attachment:
rzaluski@ivolution.ca (rzaluski@ivolution.ca).vcf
Description:
Current thread:
- Fingerprinting Firewall Prashant Gawade (Apr 08)
- Re: Fingerprinting Firewall Byron L. Sonne (Apr 10)
- Re: Fingerprinting Firewall Fatih OZAVCI (Apr 13)
- RE: Fingerprinting Firewall David L Rice (Apr 14)
- <Possible follow-ups>
- RE: Fingerprinting Firewall rzaluski (Apr 11)
- RE: Fingerprinting Firewall Clement Dupuis (Apr 14)