Re: Fingerprinting Firewall

From: Fatih OZAVCI (fatih.ozavci@infosecurenet.com)
Date: Wed Apr 13 2005 - 03:18:24 EDT

• Next message: Lynx: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
• Previous message: psiphon@infosecguides.com: "Re: 'in-line' pentest and pentest linux distro?"
• In reply to: Prashant Gawade: "Fingerprinting Firewall"
• Next in thread: David L Rice: "RE: Fingerprinting Firewall"
• Reply: David L Rice: "RE: Fingerprinting Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

hi,

some firewalls (like checkpoint fw-1) have by-default open services, you
can detect firewall if this services or ports are open.

for example 256/18264/264 ports are open, this firewall is checkpoint fw-1.

also you can analyze tcp/ip fingerprints for firewall operation system
(*bsd, linux, solaris etc.)

good luck.

Fatih Ozavci
IT Security Consultant

Prashant Gawade wrote:
>
> hi
>
> We all know that, we can identify firewall using various methods and tools like "firewalk".
> Is there any method or tool available which will remotely fingerprint and enumerate rule base configured on the firewall?
>
>
> Prashant Vijayanand Gawade
> Paladion Networks
> Security Engineer
> Navi- Mumbai
>

• Next message: Lynx: "Re: Any way to automatically change arbitrary headers of IP packets on-the-fly?"
• Previous message: psiphon@infosecguides.com: "Re: 'in-line' pentest and pentest linux distro?"
• In reply to: Prashant Gawade: "Fingerprinting Firewall"
• Next in thread: David L Rice: "RE: Fingerprinting Firewall"
• Reply: David L Rice: "RE: Fingerprinting Firewall"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:19 EDT