Re: RE: Re: Penetration Testing a Firewalled Network

From: Eagle Fire (tlecuauhtli@googlemail.com)
Date: Wed Jun 07 2006 - 05:12:28 EDT


   I am guessing the FW is doing NAT or PAT to allow internal users to
reach the Internet. If it is using NAT there should be a one-to-one
relationship between internal and external IPs. If you do some
scanning you might find something useful. If they are using PAT it is
more complex because they are using one or a few IPs to go from the
internal to the external world. My guess there is that you would
need to find any translation running to try to get some info from the
inside.

-tlec

On 7 Jun 2006 02:15:22 -0000, kratzer.jason@gmail.com
<kratzer.jason@gmail.com> wrote:
> I do know what is running on the internal network. I suppose the purpose of this is to audit the level of security provided by the firewall itself. I have already found vulnerabilities resident in the VPN and Webserver which would allow me access to the internal network but I would like to see, for personal interests as well as to demonstrate the level of security provided by the firewall, if there was any way to enumerate internal network information due to poorly configured filters. Since the beginning of this audit I have begun research into packet manipulation in order to blindly discover available internal hosts and would simply like to know if it was possible to do so across the internet without access to a dmz zone.
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> Why not go with the #1 solution - Cenzic, the only one to win the Analyst's
> Choice Award from eWeek. As attacks through web applications continue to rise,
> you need to proactively protect your applications from hackers. Cenzic has the
> most comprehensive solutions to meet your application security penetration
> testing and vulnerability management needs. You have an option to go with a
> managed service (Cenzic ClickToSecure) or an enterprise software
> (Cenzic Hailstorm). Download FREE whitepaper on how a managed service can
> help you: http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com for details.
> ------------------------------------------------------------------------------
>
>

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:56:03 EDT