Hacking Norton's internet security suite
I was onsite today for a small company whose owner runs a 7 computer LAN. The two computers on his desk are the only XP machines, relatively new. There's four win98 machines and a linux-based camera system (Samsung).
On his XP machines, he's using Norton's security suite, including their firewall. Everything else is wide open but behind a Linksys. He wants to make sure no one on the LAN is getting into his desktops.
I boot up linux, ran "ettercap -C" to look for hosts, and it failed to see any at the two ip's. Then I ran "nmap -sS..." and it failed to see anything at those ip's. Both those programs run against a Windows XP firewall would've seen them.
For all my griping about this fat baby, it's a pretty good firewall, better than I thought. Are there other switches I could run against Norton's that would betray it?
Just curious, I like testing this stuff. Thanks.
Re: Hacking Norton's internet security suite
Quote:
Originally posted here by brokencrow
I was onsite today for a small company whose owner runs a 7 computer LAN. The two computers on his desk are the only XP machines, relatively new. There's four win98 machines and a linux-based camera system (Samsung).
On his XP machines, he's using Norton's security suite, including their firewall. Everything else is wide open but behind a Linksys. He wants to make sure no one on the LAN is getting into his desktops.
I boot up linux, ran "ettercap -C" to look for hosts, and it failed to see any at the two ip's. Then I ran "nmap -sS..." and it failed to see anything at those ip's. Both those programs run against a Windows XP firewall would've seen them.
For all my griping about this fat baby, it's a pretty good firewall, better than I thought. Are there other switches I could run against Norton's that would betray it?
Just curious, I like testing this stuff. Thanks.
Hmmm, good info. I've never paid attention to which firewalls would reply how ('cept the SP2 built in one, which we know is oken-bray).
You might consider a passive sniff on the network for awhile. If the Linksys is switched and won't give you data, you might try some arp poisoning to put the switch into a hub-like state, so you CAN see the traffic. However, this won't give you anymore info that a proper system scan would, I believe.
