|
-
December 16th, 2001, 03:48 AM
#1
Question!
OK i have a server.. running on Apache..
im wondering if crackers can manage to know what firewall im using.. i wanna know how they can do it and how i can stop them from doing it...
if anyone can answer this queston.. please reply..
-
December 16th, 2001, 05:54 AM
#2
Senior Member
It depends on the firewall. If you have a separate box dedicated as your firewall in a DMZ situation, they may be able to id the OS of the firewall by a portscan that does TCP stack signature identification. If you firewall is set up to not send an RST to connection requests to invalid ports, they can't get a stack signature unless they know what ports are legal (in this case your WWW port 80, 8080, or whatever you have it set up to listen to.) If they can get a packet from your firewall, they can do the id. If you are running a software firewall (such as ZoneAlarm) I'm not sure how the process will go. NOTE: For hardware firewalls, there is a process to map the network behind the firewall. Therefore, you should incorporate more than just a firewall. You should combine your firewall with an IDS and a Proxy filter setup. An excellent paper on TCP stack OS identification is located at Insecure.Org. If you want to know how to map a network through the firewall, do a search on google for "firewalk" Good luck and Hope I at least answered some of your questions.
Happy Hacking
-----------------------------------------------------
Warfare is the Way of deception.
-Sun Tzu \"The Art of War\"
Posting Permissions
- You may not post new threads
- You may not post replies
- You may not post attachments
- You may not edit your posts
-
Forum Rules
|
|
