pix firewalls


  • pix firewalls

    okay.. here goes. I've been asked to help test out our pix firewall for security. I have never played with a pix, and in this case still do not have access to the pix for my edification. However, I have started down those basic steps of info gathering, sploit reviewing, etc.

    Any suggestions as to how I might take this thing on? Anyone with pix experience? I would like to find something exploitable to seal (my personal goal), but have limited resources to work with.
    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.

  • #2
    This is what I would do:

    - Grab Phillips-head screwdriver.
    - Unscrew case.
    - Remove hard disk, cdrom or other storage device.
    - Replace with my own.
    - Screw back together.

    Ok I know this doesn't help but anyway ;)
    "I'm not a robot like you. I don't like having disks crammed into me... unless they're Oreos, and then only in the mouth."


    • #3
      they are as tight as I've read I take it? hmm...
      if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


      • #4
        Actually...if you have physical access you don't need a screwdriver. There are two thumbscrews on the front of the PIX. Pull off that plate and there is a floppy drive. Insert floppy and go to town.
        perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


        • #5
          unfortunately physical access isn't available, to me or others
          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


          • #6
            I'm sure you found this already, but if not here is a pretty good place to start:

            perl -e 'print pack(c5, (41*2), sqrt(7056), (unpack(c,H)-2), oct(115), 10)'


            • #7

              I have a couple PIX 515's that I thought about taking to the con. I'd put their IP addresses on the case and a note that said "Hack me if you can."

              Seriously, they are very very secure...BUT...if you have access to the console port you can overwrite the admin password and their pix will become your pix.

              The slightest system modification to the pix takes a couple of master's degrees. I ditched them for Watchguard which I can tweak in real time. The Pix's just sit in a hot shed, burning up under the hot California sun.


              • #8
                d00d? would you sell em off? I need something to play with, cause I'm not making any progress without physical access, or experience with it to begin with...
                if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


                • #9
                  We sold the pair for $1900, with software, but the guy has yet to come pick them up!


                  • #10
                    wow... they don't go on ebay for less than 2k each. and 3k is more of an average
                    if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


                    • #11

                      Well the guy called today wanting to know where his pixes were. Hey he never sent a SASE so I wasn't worried. It would have been nice to have them at the con.

                      Oh, and yes the pixes ARE as secure as you have heard, however the word impenetrable can work both ways. Anytime we needed to tweak the box, we'd have to pay through the nose to get the CCIE off his rear end. And of course tax dollars won't send me to CCNA because then I'd be "overqualified" and leave.

                      Guess it's back to the Watchguard.


                      • #12
                        it can be done if.

                        Now I don't know what PIX you have. I have many clients that have either the 501 or 506. The only way I have been able to break into one and change the config (because I had to try, I mean if I can do it, then. . .) is if the guy who set it up was dumb and left Telnet open on it.

                        If you can telnet to it, there is the possibility of brute forcing the password. Not exactly the cool way, but it can work. As far as I recall there is no permanent password lockout, just tedious because you have to reconnect after 3 tries.

                        And you can learn all about how to change the config on a PIX from Cisco's site. It's not as bad as some have made it sound, if the config is there, you pretty much just type that exact line back in or put a "no" and then type it in to remove that code, change the IP or port and voilà!

                        I can't speak for the 515's, as I have never used them personally.

                        Of Course, I could be wrong.
                        -=[ So there we were. . . 9 against 1000. . . Toughest 9 we ever faced. ]=-
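
Added example, not part of the thread: because a telnet session that drops after three failed logins forces a reconnect, password guessing shows up to a defender as a burst of new TCP/23 connections from one source. The sketch below flags that pattern; the record format, addresses, window and threshold are all assumptions made for illustration, not PIX output or Cisco defaults.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample: "timestamp source_ip destination_port", one accepted
# TCP connection per line. Simplified format, not real PIX syslog output.
SAMPLE = """\
2004-05-01T09:30:00 192.0.2.10 23
2004-05-01T10:00:00 198.51.100.7 23
2004-05-01T10:00:20 198.51.100.7 23
2004-05-01T10:00:30 198.51.100.7 80
2004-05-01T10:00:40 198.51.100.7 23
2004-05-01T10:01:00 198.51.100.7 23
2004-05-01T10:01:20 198.51.100.7 23
2004-05-01T10:01:40 198.51.100.7 23
2004-05-01T10:05:00 203.0.113.9 23
2004-05-01T10:20:00 203.0.113.9 23
2004-05-01T10:35:00 203.0.113.9 23
2004-05-01T10:40:00 192.0.2.10 23
"""

def parse(lines):
    """Turn sample lines into (datetime, source_ip, dest_port) tuples."""
    records = []
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # skip blank or malformed lines
        ts, src, port = parts
        records.append((datetime.fromisoformat(ts), src, int(port)))
    return records

def flag_reconnect_bursts(records, port=23, window=timedelta(minutes=5), threshold=5):
    """Return {source_ip: time at which it first reached `threshold`
    connections to `port` within a sliding `window`}."""
    recent = defaultdict(deque)   # per-source timestamps still inside the window
    flagged = {}
    for ts, src, dport in sorted(records):
        if dport != port:
            continue
        seen = recent[src]
        seen.append(ts)
        while ts - seen[0] > window:   # expire connections older than the window
            seen.popleft()
        if len(seen) >= threshold and src not in flagged:
            flagged[src] = ts
    return flagged

if __name__ == "__main__":
    for src, ts in flag_reconnect_bursts(parse(SAMPLE.splitlines())).items():
        print(f"{ts.isoformat()} {src}: repeated telnet reconnects")
```

A source that spaces its reconnects wider than the window stays under this threshold, so a per-day connection count per source is a useful second check.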


                        • #13
                          It is a 515, I learned early on that directly trying to syn/ack the thing was futile. It can be echo pinged, but I believe telnet has been disabled, save for console access...
                          if it gets me nowhere, I'll go there proud; and I'm gonna go there free.


                          • #14
                            Is it more important to hack the box itself? Or just get around the box?

                            Pix are not very secure. They are a glorified packet filtering router. Not even stateful inspection happening there so you can pretty much send what you want through one.
                            "Good people do not need laws to tell them to act responsibly, while bad people will find a way around the laws." - Plato


                            • #15
                              The pix is a 515, we actually used two. I can ask the guy if we can keep them a little longer, maybe bring some watchguards as well and offer them up as hacking fodder. Of course I'd want to log the attempts to break in, and that machine would need to be safe. Anyone think they can set up a Pix 515?