Harold Castro writes:
I'm new in pen testing.
Recently, I came across this firewall appliance
running Apache/1.3.26
(Unix) mod_dtcl mod_ssl/2.8.10 OpenSSL/0.9.7 during an
external pentest.
The nmap output on OS fingerprinting and service
detection looks like:
Running (JUST GUESSING) : Nokia IPSO (98%), Checkpoint
IPSO (90%) OS fingerprint not ideal because: Missing a
closed TCP port so results incomplete Aggressive OS
guesses: Nokia IP650 firewall appliance (runs IPSO 4.0
and CheckPoint Firewall-1/VPN-1 software) (98%), Nokia
IPSO 4.1Build19 firewall (94%), Checkpoint VPN-1
running IPSO 4.1 (90%)
According to nessus and nikto scans, the apache and
mod_ssl running on this particular host has several
high risk vulnerabilities.
Hmmm - are you sure that the apache is running on the firewall? I think a
simple incoming NAT port forwarding to a separate server is more probable
than an apache on the Checkpoint/Nokia appliance.
You can crosscheck the NMAP result with an ikescan if you test if there are
CKP-specific ports open (FW1topo comes to mind) or for the
checkpoint-specific IKE modes, which will give you the exact CKP version,
too.
Bye
Volker
--
Volker Tanger http://www.wyae.de/volker.tanger/
--------------------------------------------------
vtlists@wyae.de PGP Fingerprint
378A 7DA7 4F20 C2F3 5BCC 8340 7424 6122 BB83 B8CB
------------------------------------------------------------------------
This List Sponsored by: Cenzic
Are you using SPI, Watchfire or WhiteHat?
Consider getting clear vision with Cenzic
See HOW Now with our 20/20 program!
http://www.cenzic.com/c/2020
------------------------------------------------------------------------
