If I had to guess, I would say BorderWare Firewall Server (http://www.borderware.com/products/fw/fwserver.html). It has proxy support for the protocols that use the open ports you found from the Internet and it uses port 442 for management over HTTPS. Cheers Fernando -- Fernando Cardoso - Security Consultant WhatEverNet Computing, S.A. Phone : +351 21 7994200 Praca de Alvalade, 6 - Piso 6 Fax : +351 21 7994242 1700-036 Lisboa - Portugal email : fernando.cardosoat_private http://www.whatevernet.com/ > > > Hi list, > > Recently I came against a weird network infrastructure. Can you help me > identify the types of devices used? > > I have this: > > [Internet] > ---------------------- > [An unknown device] > ---------------------------------------- > [Box 1-Webserver] [Box 2-Mailserver] > > I was able to compromise the mailserver using web exploits. > Portscans of each devices from either the internet or the > mailserver yields > different results as shown above. > > ------------------ > From the internet: > ------------------ > Unknown device: > Open ports: 21,23,25,53,80,109,110,442 > Closed ports: 49400,54320,61439,61440,61441,65301 > Filtered: Everything else > Replies to echo requests: No > Nmap tcp fingerprint: FreeBSD 2.2.1 - 4.1, FreeBSD 4.1.1 - 4.3 (X86) > > Webserver: > Open ports: 21,80,3306 > Closed ports: 49400,54320,61439,61440,61441,65401 > Filtered: Everything else > Replies to echo requests: No > Nmap tcp fingerprint: FreeBSD 2.2.1 - 4.1, FreeBSD 4.1.1 - 4.3 (X86) > > Mailserver: > Open ports: 80,110 > Closed ports: None > Filtered: Everything else > Replies to echo requests: No > Nmap tcp fingerprint: spcheck reports SP6 b1381 > [...] _____________________________________________________________________ INTERNET MAIL FOOTER A presente mensagem pode conter informação considerada confidencial. Se o receptor desta mensagem não for o destinatário indicado, fica expressamente proibido de copiar ou endereçar a mensagem a terceiros. Em tal situação, o receptor deverá destruir a presente mensagem e por gentileza informar o emissor de tal facto. --------------------------------------------------------------------- Privileged or confidential information may be contained in this message. If you are not the addressee indicated in this message, you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. --------------------------------------------------------------------- ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Tue Aug 20 2002 - 09:58:58 PDT