Fingerprints in Astaro Security Gateway v7.1

morin.josh@xxxxxxxxx · 28 Dec 2007 05:06:12 -0000

Vendor Site: http://www.astaro.com/
Firmware Version: 7.100 
Pattern Version: 5661 
Kernel: default-2.6.16.43-54.5

Overview: The following fingerprints discovered could allow an attacker to craft a malicious HTTP packet and or leverage other attacks via port 80 & 8080. Nmap services scan (-sV) most take place internal to the network. 

HTTP 

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port80-TCP:V=4.20%I=7%D=12/24%Time=476F3D7F%P=i686-pc-windows-windows%r

SF:(GetRequest,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x20Mon,\x2

SF:024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r\nCache-C

SF:ontrol:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=\"UTF-8\"

SF:\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nContent-Length

SF::\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20html\x20PUB

SF:LIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x20\"http:/

SF:/www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta\x20http-equ

SF:iv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<title

SF:>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</title>\n<l

SF:ink\x20href=\"http://passthrough\.fw-notify\.net/static/default\.css\"\

SF:x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\"text/jav

SF:ascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/default\.j

SF:s\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><div\x20id=

SF:\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpadding=\"1

SF:0\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"table_white\"

SF:><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.fw-notify\

SF:.net")%r(HTTPOptions,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x

SF:20Mon,\x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r

SF:\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=

SF:\"UTF-8\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nConte

SF:nt-Length:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20ht

SF:ml\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x2

SF:0\"http://www\.w3\.org/TR/html4/loose\.dtd\";>\n<html>\n<head>\n<meta\x2

SF:0http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\"

SF:>\n<title>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</t

SF:itle>\n<link\x20href=\"http://passthrough\.fw-notify\.net/static/defaul

SF:t\.css\"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\

SF:"text/javascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/d

SF:efault\.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><d

SF:iv\x20id=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpa

SF:dding=\"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"tabl

SF:e_white\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.f

SF:w-notify\.net");

HTTP-Proxy

==============NEXT SERVICE FINGERPRINT (SUBMIT INDIVIDUALLY)==============

SF-Port8080-TCP:V=4.20%I=7%D=12/24%Time=476F3D7F%P=i686-pc-windows-windows

SF:%r(GetRequest,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:\x20Mon,\

SF:x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache\r\nCache

SF:-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charset=\"UTF-8

SF:\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nContent-Leng

SF:th:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20html\x20P

SF:UBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\x20\"http

SF:://www\.w3\.org/TR/html4/loose\.dtd\">\n<html>\n<head>\n<meta\x20http-e

SF:quiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8\">\n<tit

SF:le>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved</title>\n

SF:<link\x20href=\"http://passthrough\.fw-notify\.net/static/default\.css\

SF:"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type=\"text/j

SF:avascript\"\x20src=\"http://passthrough\.fw-notify\.net/static/default\

SF:.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\"><div\x20i

SF:d=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cellpadding=\

SF:"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"table_white

SF:\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\.fw-notif

SF:y\.net")%r(HTTPOptions,94F,"HTTP/1\.1\x20400\x20Bad\x20Request\r\nDate:

SF:\x20Mon,\x2024\x20Dec\x202007\x2000:02:35\x20GMT\r\nPragma:\x20no-cache

SF:\r\nCache-Control:\x20no-cache\r\nContent-Type:\x20text/html;\x20charse

SF:t=\"UTF-8\"\r\nPragma:\x20no-cache\r\nCache-control:\x20no-cache\r\nCon

SF:tent-Length:\x202143\r\nProxy-Connection:\x20close\r\n\r\n<!DOCTYPE\x20

SF:html\x20PUBLIC\x20\"-//W3C//DTD\x20HTML\x204\.01\x20Transitional//EN\"\

SF:x20\"http://www\.w3\.org/TR/html4/loose\.dtd\";>\n<html>\n<head>\n<meta\

SF:x20http-equiv=\"Content-Type\"\x20content=\"text/html;\x20charset=UTF-8

SF:\">\n<title>The\x20requested\x20URL\x20could\x20not\x20be\x20retrieved<

SF:/title>\n<link\x20href=\"http://passthrough\.fw-notify\.net/static/defa

SF:ult\.css\"\x20rel=\"stylesheet\"\x20type=\"text/css\">\n<script\x20type

SF:=\"text/javascript\"\x20src=\"http://passthrough\.fw-notify\.net/static

SF:/default\.js\"></script>\n</head>\n<body\x20onLoad=\"checkResize\(\)\">

SF:<div\x20id=\"emsg_large\"></div><table\x20class=\"table_white\"\x20cell

SF:padding=\"10\"\x20cellspacing=\"0\"\x20border=\"0\">\n<tr\x20class=\"ta

SF:ble_white\"><td\x20align=\"center\">\n<img\x20src=\"http://passthrough\

SF:.fw-notify\.net");