From: Bernardo Wernesback (bernardosw@gmail.com)
Date: Mon Mar 13 2006 - 15:18:21 EST
Hi Paul,
I am not so sure about that restriction on external access to port
2456. I believe it comes open to any of the interfaces (could be wrong
on that). ;)
Also, if the box is running SGS 3.0, SSH server used is the open
standard - you can connect to it by using any SSH client. (comes
disabled by default).
Nice day to all!
On 3/13/06, Paul Melson <pmelson@gmail.com> wrote:
> -----Original Message-----
> Subject: RE: SGS 5400 firewalls
>
> > You might want to start by looking for TCP port 2456. This is the SSL web
> based management
> > port. Admin is a good username to start with. Also look for TCP port 22
> (i.e. OpenSSH).
> >
> > Be advised, if the admins are smart, they have added filters to protect
> these ports external
> > connections. The logging is also very good so whatever you try, they
> should notice it.
>
> By default, SGMI (port 2456) is only accessible via the interface that is
> designated as the 'Inside' interface as configured via the front panel LED.
> Additionally, instead of a traditional SSH connection, these firewalls use a
> proprietary service the vendor calls Secure Remote Login that listens on
> TCP/423 (not TCP/22). This service relies on both a shared secret for the
> SRL service as well as valid firewall admin credentials (so 1 user/pass
> pair, plus a shared secret). It requires a custom client that Symantec
> provides (a modified TeraTerm Pro) called srlclient8. This service is also
> only accessible via the 'Inside' interface by default.
>
> So if this is an external pen test of the firewall, and you can connect to
> 2456 (should get SSL challenge for cert signed by internal CA) or TCP/423,
> these are findings in and of themselves, regardless of whether or not you
> can actually authenticate and use these services to gain access to the
> device.
>
> PaulM
>
>
>
>
> ------------------------------------------------------------------------------
> This List Sponsored by: Cenzic
>
> Concerned about Web Application Security?
> As attacks through web applications continue to rise, you need to proactively
> protect your applications from hackers. Cenzic has the most comprehensive
> solutions to meet your application security penetration testing and
> vulnerability management needs. You have an option to go with a managed
> service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
> Download FREE whitepaper on how a managed service can help you:
> http://www.cenzic.com/news_events/wpappsec.php
> And, now for a limited time we can do a FREE audit for you to confirm your
> results from other product. Contact us at request@cenzic.com
> ------------------------------------------------------------------------------
>
>
------------------------------------------------------------------------------
This List Sponsored by: Cenzic
Concerned about Web Application Security?
As attacks through web applications continue to rise, you need to proactively
protect your applications from hackers. Cenzic has the most comprehensive
solutions to meet your application security penetration testing and
vulnerability management needs. You have an option to go with a managed
service (Cenzic ClickToSecure) or an enterprise software (Cenzic Hailstorm).
Download FREE whitepaper on how a managed service can help you:
http://www.cenzic.com/news_events/wpappsec.php
And, now for a limited time we can do a FREE audit for you to confirm your
results from other product. Contact us at request@cenzic.com
------------------------------------------------------------------------------
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:55:40 EDT