Firewall-1 Identification : port 257 (ie archive : 18701)

From: Sacha Faust (sachaat_private)
Date: Tue Apr 02 2002 - 09:55:56 PST


    It's been known for a while that if you find a host with open TCP ports
    256, 257 and 258, you can be pretty sure it's a Firewall-1 box (please refer
    to: http://online.securityfocus.com/archive/1/18701).
    
    I did some additional poking at the system and found out that if you connect
    to port 257 and you hit a few keys, the server will return the fwa1 string.
    Here is the sequence that works for me:
    1. hit enter
    2. hit a few keys (2-3 is enough)
    3. hit enter
    
    The server will return the fwa1 string.
    
    Example (my input was enter+test+enter):
    [sacha@hole sacha]$ nc 1.1.1.1 257
            30000005
    test
    fwa1
    
    [sacha@hole sacha]$
    
    If you hit other sequences, you get data but no fwa1 string. I haven't seen this
    feature mentioned. If this is already known, please ignore this post. This
    was discovered on a client system so I don't have all the details of the
    firewall config for now. All I know is it's a FW1 box. On what I have no
    idea.
    
    ---------
    Sacha Faust
    sachaat_private
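
The check described in the post, written as an exposure audit an administrator can run against their own firewall from an untrusted network segment. This is an added example, not code from the original post; the function names, the 3-second timeout and sending the three inputs back to back are assumptions.

```python
import socket
import sys

FW1_PORTS = (256, 257, 258)  # ports named in the post
MARKER = b"fwa1"             # string the post reports seeing on port 257

def run_sequence(sock, keys=b"test", timeout=3.0):
    """Send enter, a few keys, enter; return every byte the peer sent back."""
    sock.settimeout(timeout)
    # Assumption: sending the three inputs back to back behaves like typing them.
    sock.sendall(b"\n" + keys + b"\n")
    received = b""
    try:
        while MARKER not in received and len(received) < 4096:
            data = sock.recv(256)
            if not data:          # peer closed the connection
                break
            received += data
    except OSError:               # timeout or reset: keep what we have
        pass
    return received

def audit(host, timeout=3.0):
    """Record which of the three ports accept a connection and whether 257 sends the marker."""
    result = {"open": [], "fwa1": False}
    for port in FW1_PORTS:
        try:
            with socket.create_connection((host, port), timeout=timeout) as s:
                result["open"].append(port)
                if port == 257:
                    result["fwa1"] = MARKER in run_sequence(s, timeout=timeout)
        except OSError:           # refused, filtered or unreachable
            continue
    return result

def verdict(result):
    """Turn an audit result into a finding for the filter-rule review."""
    if result["fwa1"]:
        return "identifiable: port 257 answers with the fwa1 string"
    if set(result["open"]) == set(FW1_PORTS):
        return "likely identifiable: ports 256-258 all reachable"
    if result["open"]:
        return "partially reachable: review filter rules"
    return "not reachable"

if __name__ == "__main__" and len(sys.argv) == 2:
    # Hypothetical usage: python fw1_audit.py <address of a firewall you administer>
    r = audit(sys.argv[1])
    print(r, "->", verdict(r))
```

Any result other than "not reachable" means these ports are reachable from where the audit ran and the filter rules in front of them should be reviewed.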
    



    This archive was generated by hypermail 2b30 : Tue Apr 02 2002 - 14:48:46 PST