> You are making sense and I have seen the same thing. NMAP can't identify > the servers behind the PIX. That's a good thing. Yes, I agree with you. But then, it also makes PIX identification easier. > > I am not sure how you identify the PIX. How do you fingerprint > servers when > you don't know what the servers are or if they are behind a PIX? It was easy this time. If the PIX has the "fixup protocol smtp" enabled it would act as a "proxy" for smtp connections. The banner you would see then is something like this: 220 ********0********************************************0*2******00 ***************2******200***0********0*00 About the servers, IIS 5.0 was kind enough to provide me some info about the system :) Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardosoat_private http://www.whatevernet.com/ > _____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. ---------------------------------------------------------------------
This archive was generated by hypermail 2b30 : Fri May 25 2001 - 10:55:35 PDT