Fingerprints in Astaro Security Gateway v7.1

Mon, 31 Dec 2007 07:55:26 -0800 

Vendor Site: http://www.astaro.com/

Firmware Version: 7.100 

Pattern Version: 5661 

Kernel: default-2.6.16.43-54.5


Overview: The following fingerprints discovered could allow an attacker to 
craft a malicious HTTP packet and or leverage other attacks via port 80 & 8080. 
Nmap services scan (-sV) most take place internal to the network. 



HTTP 


==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============


SF-Port80-TCP:V=4.20%I=7%D=12/24%Time=476F3D7F%P=i686-pc-windows-windows%r


SF:(GetRequest,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x20Mon,\x2


SF:024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r\nCache-C


SF:ontrol:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=\"UTF-8\"


SF:\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nContent-Length


SF::\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20html\x20PUB


SF:LIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x20\"http:/


SF:/www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta\x20http-equ


SF:iv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<title


SF:>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</title>\n<l


SF:ink\x20href=\"http://passthrough\.fw-notify\.net/static/default\.css\"\


SF:x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\"text/jav


SF:ascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/default\.j


SF:s\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><div\x20id=


SF:\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpadding=\"1


SF:0\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"table_white\"


SF:><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.fw-notify\


SF:.net")%r(HTTPOptions,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x


SF:20Mon,\x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r


SF:\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=


SF:\"UTF-8\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nConte


SF:nt-Length:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20ht


SF:ml\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x2


SF:0\"http://www\.w3\.org/TR/html4/loose\.dtd\";>\n<html>\n<head>\n<meta\x2


SF:0http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\"


SF:>\n<title>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</t


SF:itle>\n<link\x20href=\"http://passthrough\.fw-notify\.net/static/defaul


SF:t\.css\"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\


SF:"text/javascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/d


SF:efault\.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><d


SF:iv\x20id=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpa


SF:dding=\"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"tabl


SF:e_white\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.f


SF:w-notify\.net");




HTTP-Proxy


==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============


SF-Port8080-TCP:V=4.20%I=7%D=12/24%Time=476F3D7F%P=i686-pc-windows-windows


SF:%r(GetRequest,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x20Mon,\


SF:x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r\nCache


SF:-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=\"UTF-8


SF:\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nContent-Leng


SF:th:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20html\x20P


SF:UBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x20\"http


SF:://www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta\x20http-e


SF:quiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<tit


SF:le>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</title>\n


SF:<link\x20href=\"http://passthrough\.fw-notify\.net/static/default\.css\


SF:"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\"text/j


SF:avascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/default\


SF:.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><div\x20i


SF:d=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpadding=\


SF:"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"table_white


SF:\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.fw-notif


SF:y\.net")%r(HTTPOptions,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:


SF:\x20Mon,\x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache


SF:\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charse


SF:t=\"UTF-8\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nCon


SF:tent-Length:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20


SF:html\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\


SF:x20\"http://www\.w3\.org/TR/html4/loose\.dtd\";>\n<html>\n<head>\n<meta\


SF:x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8


SF:\">\n<title>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved<


SF:/title>\n<link\x20href=\"http://passthrough\.fw-notify\.net/static/defa


SF:ult\.css\"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type


SF:=\"text/javascript\"\x20src=\"http://passthrough\.fw-notify\.net/static


SF:/default\.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\">


SF:<div\x20id=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cell


SF:padding=\"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"ta


SF:ble_white\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\


SF:.fw-notify\.net");

Reply via email to