I came across this post in the nmap list. While it's pulled out of a technical thread, I thought you might be interested to know about this Gauntlet functionality.

cu
-pete

> -------- Original Message --------
> Subject: Re: hacking TCP.
> Date: Mon, 28 Jun 1999 23:14:17 -0400
> From: "Scott Havlak" <[EMAIL PROTECTED]>
> Reply-To: "Scott Havlak" <[EMAIL PROTECTED]>
> To: <[EMAIL PROTECTED]>
>
> >Something which the nmap hackers might like to ponder over is the
> >latest technology inside Gauntlet firewalls - the supposed ability
> >to change a connection from proxy to packet filter and back. One
> >would think that if different OS's were at the end points, the
> >connection would have different fingerprints during its lifetime.
> >Can nmap detect this?
>
> I have done extensive testing with Gauntlet on all platforms using nmap.
> The Gauntlet (4.X-5.0) packet filter seems to mask the real OS fingerprint.
> Scan a Gauntlet firewall on ports where proxies are typically running
> (like 80, 21, 25, etc...) and then scan ports that are typically protected
> by a packet filter rule (like 514 and 6000) and compare the results. The
> first scan will properly detect the OS on all Unix platforms, but the
> second will not. Not sure the effect the "adaptive proxy" will have, but I
> would imagine that it would be similar. Will be sure to try it...
>
> S
