[prev in list] [next in list] [prev in thread] [next in thread] 

List:       vpn
Subject:    Re: [PEN-TEST] Detecting the presence of a firewall (fwd)
From:       hermit1 <hermits () mac ! com>
Date:       2001-05-15 14:06:24
[Download RAW message or body]

Many firewalls, including Checkpoint's FW-1, are or should be configured to 
drop all traffic to them, with exceptions for traffic from specific control 
locations.  These setups can't be differentiated.  But sites that use 
SecuRemote or SecureClient don't have this much protection.

hermit1

At 01:03 PM 5/14/01 -0500, Tina Bird wrote:
>---------- Forwarded message ----------
>Date: Mon, 14 May 2001 12:30:32 +0100
>From: David Wray <davew@sec-tec.com>
>To: Penetration Testers <PEN-TEST@securityfocus.com>
>Subject: Re: [PEN-TEST] Detecting the presence of a firewall
>
>
>Hi
>
>1. If memory serves me correct (and it frequently doesn't), open TCP ports
>256,257 and 258 are a good indication. I have also noticed that NMAP can
>often detect Check Point Firewall-1 using the fingerprinting option, and it
>seems to be quite accurate.
>
>2. There is probably a fair easier way of doing this, but if I want to find
>the internal IP address scheme, I often try to perform a download VPN
>topology request using Checkpoint Secureclient. Once the download is done,
>any request for the Internal IP address scheme will prompt for a username
>and password. Of course this method is far from perfect and makes all sorts
>of assumptions (VPN license, correctly configured encryption domain, non
>authenticated topology requests are allowed etc), but its better than
>nothing, sometimes, maybe.
>
>Regards
>
>Dave Wray
>Sec-Tec Ltd
>-------
> > Pl clarify the following
> >
> > 1. Are there any means of detecting the presence of a
> > checkpoint firewall at a company's premises,  from a
> > remote location.
> >
> > 2.Knowing one interface of the firewall machine, is it
> > possible for me to find the ip addresses of the other
> > interfaces.
> >
> > Kindly reply at the earliest.
> > Priya
> >


VPN is sponsored by SecurityFocus.com

[prev in list] [next in list] [prev in thread] [next in thread]