|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
RE: Fingerprinting Firewall
From: David L Rice (drice39
cox.net)
Date: Thu Apr 14 2005 - 08:23:45 CDT
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Symantec Firewalls will show 2456 tcp for version 8 or SGS 5400
For older raptor firewalls look for 416 and 417 tcp
-----Original Message-----
From: Fatih OZAVCI [mailto:fatih.ozavciinfosecurenet.com]
Sent: Wednesday, April 13, 2005 12:18 AM
To: Prashant Gawade
Cc: pen-testsecurityfocus.com
Subject: Re: Fingerprinting Firewall
hi,
some firewalls (like checkpoint fw-1) have by-default open services, you can
detect firewall if this services or ports are open.
for example 256/18264/264 ports are open, this firewall is checkpoint fw-1.
also you can analyze tcp/ip fingerprints for firewall operation system
(*bsd, linux, solaris etc.)
good luck.
Fatih Ozavci
IT Security Consultant
Prashant Gawade wrote:
>
> hi
>
> We all know that, we can identify firewall using various methods and
tools like "firewalk".
> Is there any method or tool available which will remotely fingerprint and
enumerate rule base configured on the firewall?
>
>
> Prashant Vijayanand Gawade
> Paladion Networks
> Security Engineer
> Navi- Mumbai
>
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]