RE: PIX and ttl

From: Jason Lewis (jlewisat_private)
Date: Fri May 25 2001 - 17:14:07 PDT


I should have made myself clear.  I have scanned my PIX.  I know the hosts
that are behind it and I have never been able to identify the hosts with
NMAP.

I am running load balanced web servers behind a PIX.  I have never been able
to identify the server OS with NMAP.  Is there a secret?  I am aware of
doing banner checks.  The scenario would be someone doing automated scans
for Linux and using NMAP to put known Linux hosts into a file.

Jason Lewis
http://www.packetnexus.com
http://www.packetnexus.com/kb/greyarts/
It's not secure "Because they told me it was secure". The people at the
other end of the link know less about security than you do. And that's
scary.



-----Original Message-----
From: Jacek Lipkowski [mailto:sq5bpfat_private]
Sent: Friday, May 25, 2001 2:17 PM
To: Jason Lewis
Cc: 'Fernando Cardoso'; PEN-TESTat_private
Subject: RE: PIX and ttl


On Thu, 24 May 2001, Jason Lewis wrote:

> I am not sure how you identify the PIX. How do you fingerprint servers
> when

(this is just an example)
check for any open smtp ports, if they are behind a pix (and you have
'conduit smtp 25' or something like this in the config file, which most
people do), it will say:
220 SMAP (and some other crap)

> you don't know what the servers are or if they are behind a PIX?

usually you don't have to (if by fingerprinting you mean nmap -O), they
usually give out way too much information anyway. check the http server
banner for starters, see if there is any ssh installed, try to get some
mail relayed through their mailserver, like a mail delivery notification,
preferably to postmaster or webmaster asking some stupid question. by now
you usually know if it is unix or nt. dig deeper...

jacek

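The point of the exchange is that a PIX hides the TCP/IP stack from nmap -O, but the application banners (the SMTP 220 greeting, the HTTP Server: header) still tell an observer what runs behind it. The script below is an added example, not code from either poster, for auditing your own servers the way the thread describes: it grabs a banner and classifies what it discloses (product name, OS word, dotted version) so you can confirm the firewall and the daemons leak nothing. The token lists are illustrative only, the sample banners are constructed, and the socket helpers assume plaintext ports (no TLS).

```python
import re
import socket
from dataclasses import dataclass, field
from typing import List

# Illustrative token lists (assumption: not exhaustive). These are the product
# names and OS words that greeting banners and Server: headers commonly leak.
SOFTWARE_TOKENS = ["Sendmail", "Postfix", "Exim", "qmail", "Microsoft ESMTP",
                   "Exchange", "Apache", "nginx", "Microsoft-IIS", "lighttpd"]
OS_TOKENS = ["Linux", "Unix", "Debian", "Red Hat", "FreeBSD", "Solaris",
             "Windows", "Win32"]
# Dotted version numbers such as 8.11.0 or 1.3.19. An IP address would match
# too, so a version hit is a hint to review, not proof of a leak.
VERSION_RE = re.compile(r"\b\d+(?:\.\d+)+\b")


@dataclass
class BannerFinding:
    service: str
    banner: str
    software: List[str] = field(default_factory=list)
    os_hints: List[str] = field(default_factory=list)
    versions: List[str] = field(default_factory=list)

    @property
    def sanitized(self) -> bool:
        """True when the banner discloses no product, OS word or version."""
        return not (self.software or self.os_hints or self.versions)

    def summary(self) -> str:
        if self.sanitized:
            return f"{self.service}: banner discloses nothing ({self.banner!r})"
        return (f"{self.service}: software={self.software} os={self.os_hints} "
                f"versions={self.versions}")


def audit_banner(service: str, banner: str) -> BannerFinding:
    """Classify what one banner string gives away (case-insensitive token match)."""
    text = banner.strip()
    lowered = text.lower()
    return BannerFinding(
        service=service,
        banner=text,
        software=[t for t in SOFTWARE_TOKENS if t.lower() in lowered],
        os_hints=[t for t in OS_TOKENS if t.lower() in lowered],
        versions=VERSION_RE.findall(text),
    )


def grab_smtp_banner(host: str, port: int = 25, timeout: float = 5.0) -> str:
    """Read the 220 greeting sent by a mail server, or by a firewall in front of it."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        return sock.recv(1024).decode("ascii", errors="replace")


def grab_http_server_header(host: str, port: int = 80, timeout: float = 5.0) -> str:
    """Send a HEAD request and return the Server: header value ('' if absent)."""
    request = f"HEAD / HTTP/1.0\r\nHost: {host}\r\n\r\n".encode("ascii")
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(request)
        raw = b""
        while b"\r\n\r\n" not in raw:
            chunk = sock.recv(4096)
            if not chunk:
                break
            raw += chunk
    for line in raw.decode("ascii", errors="replace").split("\r\n"):
        if line.lower().startswith("server:"):
            return line.split(":", 1)[1].strip()
    return ""


# Constructed sample banners (hypothetical; not captured from any real host).
SAMPLE_BANNERS = {
    "smtp-direct": "220 mail.example.test ESMTP Sendmail 8.11.0/8.11.0; Fri, 25 May 2001 14:17:00 -0400",
    "smtp-quiet": "220 mail.example.test ESMTP",
    "http-direct": "Apache/1.3.19 (Unix) (Red-Hat/Linux)",
    "http-quiet": "",
}


def audit_samples() -> List[BannerFinding]:
    """Run the classifier over the constructed samples; used as a self-check."""
    return [audit_banner(name, banner) for name, banner in SAMPLE_BANNERS.items()]


if __name__ == "__main__":
    for finding in audit_samples():
        print(finding.summary())
    # Against your own host (plaintext ports assumed), e.g.:
    # print(audit_banner("smtp", grab_smtp_banner("mail.example.test")).summary())
```

Run it as-is to see the classifier on the constructed samples; point `grab_smtp_banner` and `grab_http_server_header` at your own hosts to check whether the firewall's SMTP fixup and the web servers' configuration actually leave the banners as quiet as you expect.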



This archive was generated by hypermail 2b30 : Sat May 26 2001 - 23:58:50 PDT