RE: Pentesting Old unsupported Firewall Appliances

From: Clemens, Dan (Dan.Clemens@healthsouth.com)
Date: Fri Jun 15 2007 - 14:22:57 EDT


 



On 11/06/07, Harold Castro <b0ydaem0n@yahoo.com> wrote:
> Hi,
...
> Since I'm doing an external black box pentest, I have to rely on some
> tools for OS fingerprinting. Nmap guesses it to be either Nokia IPSO
> 4.0 or 4.1Build19.
> Now I tried googling for that particular appliance
> (IP650) and I found out that the appliance is too old as its existence
> dates back as early as 1999. I'm having a hard time trying to find
> anything that can be useful for this

IP650 is the hardware model.
The IP650 model is fairly old, but you can still run newer versions of
IPSO (operating system) on it.

IPSO 4.1Buildxxx would be the operating system version and Checkpoint is
the application running on the operating system.

IPSO is a BSD-based OS and IPSO Build019 was released on 09/21/2006.

The most recent IPSO build/rev is IPSO 4.2 Build 041 which was released
on 05/24/2007.

I don't recall there being any real security issues with IPSO since this
release but I could be wrong.
Most IPSO updates & enhancements don't focus around security bug fixes
but functionality bug fixes.

Assuming your results are correct, it may be more accurate that the
firewall device is doing port forwarding to another system for the other
results that had been mentioned.

If I were doing this assessment I wouldn't worry that much about the IPSO
rev level, but what services are open on this box remotely from the
internet and vulnerabilities in other hosts (and/or problems in the
Checkpoint rev running on the IPSO).

Hope this information helps.

Daniel Clemens











This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:52 EDT