Re: Understanding Firewall-1 Configs

I'll start from the end - :)

to scan with no ping , you can use: nmap -P0 -sT %ip subnet% %ipsubnet%= the subnet you want to scan i.e. 192.168.0.0/24 (while 24 is the number of network asigned bits).

To the more complex section for you my friend , I would not use Windows systems infront of the internet , let alone checkpoint firewall-1 4.1 SP1 - Upgrade to NG (or at least SP6).

You should not fear of an attack taking down the firewall , as I see it it will be much simpler to exploit what your firewall doesnt check - port 53 to the DNS server (check for microsoft DNS exploits) port 80 and 443 on your web server (check for IIS exploits).

I would recommend using Nessus (at www.nessus.org) to check for vuln. of your machines.

TheOg

amy_morgan@hushmail.com wrote:

Do you need help?

In addition to our free technical library, Pantek provides professional IT services to companies who utilize Open Source software: Learn more about Pantek's Technical Support offerings Place an order for 24/7/365 Technical Support here Learn more about Pantek, who we are, and what we do Chat with a Live Operator Related securityfocus.com Links bugtraq certification focus-bsd focus-ids focus-ih focus-linux focus-ms focus-sun focus-unix-other focus-virus forensics incidents libnet linux-secnews ms-secnews pen-test secpapers secprog sectools secureshell security-basics securityjobs sf-news vuln-dev webappsec Request more information about Pantek

>-----BEGIN PGP SIGNED MESSAGE-----
Received on Tue Jan 21 01:06:33 2003