pen-test

Re: Pentesting Old unsupported Firewall Appliances

To: pen-test@securityfocus.com
Subject: Re: Pentesting Old unsupported Firewall Appliances
From: vtlists@wyae.de
Date: Tue, 12 Jun 2007 09:48:22 +0200
Harold Castro writes:

I'm new to pen testing. Recently, I came across this firewall appliance running Apache/1.3.26 (Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an external pentest.

The nmap output on OS fingerprinting and service detection looks like:

Running (JUST GUESSING) : Nokia IPSO (98%), Checkpoint IPSO (90%)
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Nokia IP650 firewall appliance (runs IPSO 4.0 and CheckPoint Firewall-1/VPN-1 software) (98%), Nokia IPSO 4.1Build19 firewall (94%), Checkpoint VPN-1 running IPSO 4.1 (90%)

According to nessus and nikto scans, the Apache and mod_ssl running on this particular host have several high risk vulnerabilities.

Hmmm - are you sure that the Apache is running on the firewall? I think a simple incoming NAT port forwarding to a separate server is more probable than an Apache on the Checkpoint/Nokia appliance. You can cross-check the NMAP result with an ikescan, if you test whether there are CKP-specific ports open (FW1topo comes to mind), or for the Checkpoint-specific IKE modes, which will give you the exact CKP version, too.

Bye

Volker



--

Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
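One added cross-check for the NAT-forward hypothesis raised above (example code written for this page, not from Volker's post or any Check Point tool): compare the IP TTL of the scan replies per port, since services answered by a different TCP/IP stack or from a different hop distance than the appliance's own services (IKE on 500/udp, FW1_topo on 264/tcp) are candidates for a port forward, which matters for reporting the vulnerable Apache against the right host. The TTL values in the sample and the choice of 264/tcp as the appliance's own service are assumptions; some firewalls rewrite TTLs, so treat the result as a hint to verify, not as proof.

```python
from collections import defaultdict

# Common initial TTLs (assumption for this example): 64 Linux/BSD, 128 Windows,
# 255 many network devices. A reply's TTL is initial TTL minus hops travelled.
INITIAL_TTLS = (64, 128, 255)

# Constructed sample replies for one scanned IP: (proto, port, TTL seen in reply).
# Made-up values for illustration, not data from the thread.
SAMPLE_REPLIES = [
    ("udp", 500, 242),   # IKE, answered by the appliance itself
    ("tcp", 264, 242),   # FW1_topo, Check Point topology service
    ("tcp", 443, 49),    # the Apache/1.3.26 banner
    ("tcp", 80, 49),
]


def estimate_origin(ttl):
    """Map an observed TTL to (initial_ttl, hops) via the nearest common initial TTL."""
    for initial in INITIAL_TTLS:
        if ttl <= initial:
            return initial, initial - ttl
    raise ValueError(f"TTL {ttl} is not a valid IPv4 TTL")


def group_by_origin(replies):
    """Group 'proto/port' strings by the (initial_ttl, hops) their replies imply."""
    groups = defaultdict(list)
    for proto, port, ttl in replies:
        groups[estimate_origin(ttl)].append(f"{proto}/{port}")
    return {origin: sorted(ports) for origin, ports in groups.items()}


def suspected_forwards(replies, anchor=("tcp", 264)):
    """Services whose reply origin differs from the anchor service, which is
    assumed to run on the appliance itself (FW1_topo on 264/tcp here)."""
    anchor_ttls = [ttl for proto, port, ttl in replies if (proto, port) == anchor]
    if not anchor_ttls:
        raise ValueError("anchor service not among the replies")
    anchor_origin = estimate_origin(anchor_ttls[0])
    return sorted(f"{proto}/{port}" for proto, port, ttl in replies
                  if estimate_origin(ttl) != anchor_origin)


if __name__ == "__main__":
    for origin, ports in group_by_origin(SAMPLE_REPLIES).items():
        print(f"initial TTL {origin[0]}, {origin[1]} hops: {', '.join(ports)}")
    # With the sample data: 443/tcp and 80/tcp do not share the appliance's origin.
    print("possibly forwarded, not on the appliance:", suspected_forwards(SAMPLE_REPLIES))
```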
