Hi again all, Since I get many
>Do you get any headers from >21,23,25,80,110,119,443,8080? I will remind you that that ports on the unknown device are exactly the same as on the webserver so I assume that they are forwards. Proper checks of the banners on the device have been done and they are the same as the ones of the corresponding ports on the webserver. The only remaining port that doesn't looks a forward to the webserver is 53. I successfully compromised a low account on the webserver and verified the fact that no nameserver is running on it. So either it is a forward to another box, either it is a daemon on the device itself (eliminates the fact of it being a cisco/firewall?) that is handling the requests. But now, how can I fingerprint the device since all ports are forwards? even on the internal adapter's port 23 I do not see any telltale sign of any way to administer it remotely. Could it be (like one person suggested off the list) a Checkpoint? A fact that goes in this theory is that an account exists on a NT workstation/mailserver (do not remember which) that has a login name of Borderware and a password of CheckPoint. Any insights? --TB _________________________________________________________________ MSN Photos is the easiest way to share and print your photos: http://photos.msn.com/support/worldwide.aspx ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
