pen-test
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

SPI firewall in between

from [Itimanth K] [Permanent Link][Original]
To: pen-test@securityfocus.com
Subject: SPI firewall in between
From: "Itimanth K" <itimanth@gmail.com>
Date: Thu, 15 Mar 2007 10:38:16 +0530
Delivered-to: sp-com-lists@consult.net
Delivered-to: pentest-list2@consult.net
Delivered-to: mailing list pen-test@securityfocus.com
Delivered-to: moderator for pen-test@securityfocus.com
Dkim-signature: a=rsa-sha1; c=relaxed/relaxed; d=gmail.com; s=beta; h=domainkey-signature:received:received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=AMr0moFcipJQ0Y624B4LmotGP3PuLEPr6p7iOASL6RfKpBj2jE9R/VZTJ6HB0Cfa4PVa1dHsRiSMMlLS+czTLWzov+yLGEh/I3zYMmFTANDC0kpWzmEb1qu1kNw6jeJ7rzlu5+5GJXhgd24EkP0t1fFQMyud6CW0gi4MsIb8qw8=
Domainkey-signature: a=rsa-sha1; c=nofws; d=gmail.com; s=beta; h=received:message-id:date:from:to:subject:mime-version:content-type:content-transfer-encoding:content-disposition; b=nPLWw3Zm/EJx0V0DX5krGcZasRL62cUWIzNb4jCoS2/izgQ9SavHPvFo9YJwYTLpq9Vm0TTZzENyRD34CRdciv2wPCN8nxunULmmFZQJzkbL5KM6N9d4FmDF+31BF90vpAQAeLD2hU72scjrucLT5x7eUBWeImyLDxIqT8Qoz3M=
List-help: <mailto:pen-test-help@securityfocus.com>
List-id: <pen-test.list-id.securityfocus.com>
List-post: <mailto:pen-test@securityfocus.com>
List-subscribe: <mailto:pen-test-subscribe@securityfocus.com>
List-unsubscribe: <mailto:pen-test-unsubscribe@securityfocus.com>
Mailing-list: contact pen-test-help@securityfocus.com; run by ezmlm
Resent-date: Sun, 18 Mar 2007 01:02:58 -0700 (MST)
Resent-from: pen-test-return-1078483792@securityfocus.com
Resent-message-id: <20070318080258.A10E5238435@outgoing3.securityfocus.com>
Resent-sender: listbounce@securityfocus.com
Sender: listbounce@securityfocus.com 
Dear list,

Recently we have started working on a black box pen test. And I think
that the IP's which we are given are behind a SPI firewall.

Lets say these are the IP's which my client gave me

x.x.x.23
x.x.x.24

when I try to do hping on them, this is what I get


[itimanth@localhost]$ hping2 -S x.x.x.23 -c 1 -p 80 -t 18
HPING x.x.x.23 (eth0 x.x.x.23): S set, 40 headers + 0 data bytes
TTL 0 during transit from ip=x.x.x.23 name=UNKNOWN


[itimanth@localhost]$ hping2 -S x.x.x.23 -c 1 -p 80 -t 19
HPING x.x.x.23 (eth0 x.x.x.23): S set, 40 headers + 0 data bytes
len=46 ip=x.x.x.23 ttl=240 DF id=44266 sport=80 flags=SA seq=0
win=8190 rtt=335.5 ms


This is the case for the other IP too.

I need to find the actual IP for the device which is at hop 18. I
tried running tcpdump along with hping, but I didnt get any clue about
the IP of that device.

Any bright ideas???

Thanx in advance.

Regards,

Itimanth

------------------------------------------------------------------------
This List Sponsored by: Cenzic

Need to secure your web apps?
Cenzic Hailstorm finds vulnerabilities fast.
Click the link to buy it, try it or download Hailstorm for FREE.

http://www.cenzic.com/products_services/download_hailstorm.php?camp=701600000008bOW
------------------------------------------------------------------------
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
  • SPI firewall in between, Itimanth K <=
Previous by Date:  Re: Firewall testing tool - name forgotten ..., crazy frog crazy frog
Next by Date:  Re: Listing hide files via ftp, carlopmart
Previous by Thread:  NASL issues, tenbatsui
Next by Thread:  RE: Ethical hacker article published, Lou Spahn
Indexes:  [Date] [Thread] [Top] [All Lists]