Re: Pentesting Old unsupported Firewall Appliances

From: vtlists@wyae.de
Date: Tue Jun 12 2007 - 03:48:22 EDT


Harold Castro writes:

> I'm new to pen testing.
> Recently, I came across this firewall appliance
> running Apache/1.3.26
> (Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an
> external pentest.
>
> The nmap output on OS fingerprinting and service
> detection looks like:
>
> Running (JUST GUESSING) : Nokia IPSO (98%), Checkpoint
> IPSO (90%) OS fingerprint not ideal because: Missing a
> closed TCP port so results incomplete Aggressive OS
> guesses: Nokia IP650 firewall appliance (runs IPSO 4.0
> and CheckPoint Firewall-1/VPN-1 software) (98%), Nokia
> IPSO 4.1Build19 firewall (94%), Checkpoint VPN-1
> running IPSO 4.1 (90%)
>
> According to the Nessus and Nikto scans, the Apache and
> mod_ssl running on this particular host have several
> high-risk vulnerabilities.

Hmmm - are you sure that the Apache is running on the firewall? I think a
simple incoming NAT port forwarding to a separate server is more probable
than an Apache on the Checkpoint/Nokia appliance.

You can cross-check the nmap result with an ike-scan, if you test whether there are
CKP-specific ports open (FW1topo comes to mind) or for the
Checkpoint-specific IKE modes, which will give you the exact CKP version,
too.

Bye

Volker


--
Volker Tanger    http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de                    PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC  8340 7424 6122 BB83 B8CB
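The advice above hinges on reading the nmap output critically: the "JUST GUESSING" marker, the "OS fingerprint not ideal" caveat and the spread of confidence values are all signals that the OS guess needs corroboration from a second source before anyone concludes that Apache is running on the appliance itself. The following parser is an added example, not code from the thread or from nmap; it takes the exact OS-detection lines quoted above (rejoined onto single lines, as constructed sample input) and returns the guesses with their confidences plus a verdict on whether the result should be corroborated. It assumes nmap's wording for those three line types as shown in the quote, and the 95% threshold in `needs_corroboration` is an arbitrary, hypothetical choice.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Constructed sample: the nmap OS-detection output quoted in the thread,
# with the mail wrapping undone so each nmap line is one line again.
SAMPLE = """Running (JUST GUESSING) : Nokia IPSO (98%), Checkpoint IPSO (90%)
OS fingerprint not ideal because: Missing a closed TCP port so results incomplete
Aggressive OS guesses: Nokia IP650 firewall appliance (runs IPSO 4.0 and CheckPoint Firewall-1/VPN-1 software) (98%), Nokia IPSO 4.1Build19 firewall (94%), Checkpoint VPN-1 running IPSO 4.1 (90%)
"""

# One guess is "<name> (<nn>%)" followed by a comma or end of string.
# The lazy name group tolerates parentheses inside the name, e.g.
# "(runs IPSO 4.0 and ...)", because only "(digits%)" terminates it.
GUESS_RE = re.compile(r"(.+?)\s+\((\d+)%\)(?:,\s*|$)")

Guess = Tuple[str, int]


@dataclass
class OsDetection:
    families: List[Guess] = field(default_factory=list)    # from "Running ..."
    aggressive: List[Guess] = field(default_factory=list)  # from "Aggressive OS guesses:"
    guessing: bool = False          # nmap printed "(JUST GUESSING)"
    caveat: Optional[str] = None    # text after "OS fingerprint not ideal because:"


def _parse_guesses(s: str) -> List[Guess]:
    """Split a comma-separated guess list into (name, confidence) pairs."""
    return [(m.group(1).strip(), int(m.group(2))) for m in GUESS_RE.finditer(s.strip())]


def parse_nmap_os(text: str) -> OsDetection:
    """Parse the OS-detection section of nmap's normal (human-readable) output."""
    det = OsDetection()
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("Running"):
            det.guessing = "JUST GUESSING" in line
            det.families = _parse_guesses(line.split(":", 1)[1])
        elif line.startswith("Aggressive OS guesses:"):
            det.aggressive = _parse_guesses(line.split(":", 1)[1])
        elif line.startswith("OS fingerprint not ideal because:"):
            det.caveat = line.split(":", 1)[1].strip()
    return det


def top_guess(det: OsDetection) -> Optional[Guess]:
    """Highest-confidence aggressive guess, or the family guess if there is none."""
    candidates = det.aggressive or det.families
    return max(candidates, key=lambda g: g[1]) if candidates else None


def needs_corroboration(det: OsDetection, min_confidence: int = 95) -> List[str]:
    """Reasons (empty list if none) why this OS guess should be cross-checked
    against an independent source before it drives any conclusion."""
    reasons = []
    if det.guessing:
        reasons.append("nmap marked the result as JUST GUESSING")
    if det.caveat:
        reasons.append("fingerprint not ideal: " + det.caveat)
    best = top_guess(det)
    if best is None:
        reasons.append("no OS guess at all")
    elif best[1] < min_confidence:
        reasons.append(f"best guess only {best[1]}% confident")
    return reasons


if __name__ == "__main__":
    det = parse_nmap_os(SAMPLE)
    print("top guess:", top_guess(det))
    for reason in needs_corroboration(det):
        print("corroborate:", reason)
```

With the quoted output the parser reports the Nokia IP650 guess at 98% but still returns two reasons to corroborate (the JUST GUESSING marker and the missing closed port), which is exactly the situation in which a second, independent fingerprint such as the Checkpoint-specific IKE behaviour mentioned above settles whether the web server lives on the appliance or behind a NAT forward.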


This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT