From: The Blueberry (acr872k@hotmail.com)
Date: Mon Aug 19 2002 - 20:38:42 EDT
Hi again all,
Since I get many
>Do you get any headers from
>21,23,25,80,110,119,443,8080?
I will remind you that that ports on the unknown device are exactly the same
as on the webserver so I assume that they are forwards. Proper checks of the
banners on the device have been done and they are the same as the ones of
the corresponding ports on the webserver. The only remaining port that
doesn't looks a forward to the webserver is 53. I successfully compromised a
low account on the webserver and verified the fact that no nameserver is
running on it. So either it is a forward to another box, either it is a
daemon on the device itself (eliminates the fact of it being a
cisco/firewall?) that is handling the requests. But now, how can I
fingerprint the device since all ports are forwards? even on the internal
adapter's port 23 I do not see any telltale sign of any way to administer it
remotely. Could it be (like one person suggested off the list) a Checkpoint?
A fact that goes in this theory is that an account exists on a NT
workstation/mailserver (do not remember which) that has a login name of
Borderware and a password of CheckPoint. Any insights?
--TB
_________________________________________________________________
MSN Photos is the easiest way to share and print your photos:
http://photos.msn.com/support/worldwide.aspx
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:53:24 EDT