Juniper
From Rory.wiki
Notes
- Traffic will flow between interfaces in the same zone without policy configuration (unless intrazone blocking is enabled)
- There can be multiple virtual routers defined on the device. They are designed to stop routing information about internal/trusted zones from leaking to untrusted hosts/networks.
- Without specific exported routes, traffic will not flow from one virtual router to another, even if FW access lists allow it.
- Some devices may have a default policy allowing all traffic from the trust zone to the untrust zone.
- Whether a device exposes management services on an interface is determined by set interface <interface_name> manage (ping|webui|telnet|snmp|ssh).
- If set admin manager-ip <ip-address> <netmask> isn't configured, the device will be manageable from any source address on any interface which has management enabled.
- There's a vulnerability in older versions of ScreenOS which discloses the version of ScreenOS in use: on an interface where management is enabled, https://<ip-address>/about.html displays an about page with the version, with no authentication required.
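As an added example (not from this page or from Juniper), here is a Python script that checks a saved ScreenOS config for two of the conditions noted above: management enabled on an interface while no manager-ip is set, and a policy that permits the catch-all ANY service between zones. The manage and manager-ip syntax is the one given in the notes; the policy line layout is assumed (ScreenOS 5.x style) and the sample config is constructed.

```python
import re

# Constructed sample of ScreenOS "get config" output (not from a real device).
SAMPLE_CONFIG = """\
set interface ethernet0/0 manage ping
set interface ethernet0/0 manage ssh
set interface ethernet0/0 manage webui
set interface ethernet0/1 manage ping
set policy id 1 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Untrust" to "Trust" "Any" "MailServer" "MAIL" permit
"""

# The manage and manager-ip line formats are the ones given on this page.
MANAGE_RE = re.compile(r'^set interface (\S+) manage (\S+)\s*$')
MANAGER_IP_RE = re.compile(r'^set admin manager-ip (\S+) (\S+)\s*$')
# Policy line layout is assumed (ScreenOS 5.x style): zones, then quoted
# source, destination and service names, then the action.
POLICY_RE = re.compile(r'^set policy id (\d+) from "([^"]+)" to "([^"]+)" '
                       r'"([^"]+)" "([^"]+)" "([^"]+)" (\w+)')
BROAD_SERVICES = {"ANY", "TCP-ANY", "UDP-ANY"}  # pre-defined catch-alls

def audit_config(text):
    """Report interfaces whose management services are reachable from any
    source address, and policies permitting a catch-all service."""
    manage = {}           # interface -> set of enabled management services
    manager_ip_set = False
    permit_any = []       # (policy id, from zone, to zone, service)
    for line in text.splitlines():
        m = MANAGE_RE.match(line)
        if m:
            manage.setdefault(m.group(1), set()).add(m.group(2))
            continue
        if MANAGER_IP_RE.match(line):
            manager_ip_set = True
            continue
        m = POLICY_RE.match(line)
        if m:
            pid, src_zone, dst_zone, _src, _dst, svc, action = m.groups()
            if action == "permit" and svc.upper() in BROAD_SERVICES:
                permit_any.append((int(pid), src_zone, dst_zone, svc))
    # With no manager-ip, every interface that has management enabled accepts
    # management connections from any source, so each one is a finding.
    exposed = [] if manager_ip_set else [
        (iface, sorted(svcs)) for iface, svcs in sorted(manage.items())]
    return {"exposed_management": exposed, "permit_any_policies": permit_any}

if __name__ == "__main__":
    for key, items in audit_config(SAMPLE_CONFIG).items():
        print(key, *items, sep="\n  ")
```

Run it against a config saved as described under "Acquiring the Config" to get a quick list of the interfaces and policies worth a closer look.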
Acquiring the Config
- From the WebUI: Configuration-->Update-->Config File in the menu system, then click "Save to File" in the "Download configuration from device" section.
Password Auditing
It's possible to use John the Ripper to audit password hashes from a NetScreen firewall. You'll need john plus the jumbo patch to get it working.
The format to put the password hashes in is:
<user_name>:<user_name>$<password_hash>
Auditing
There are a couple of tools that can be used to analyse the firewall rulebase. Nipper and AlgoSec are commercial. ns2html is GPL and doesn't do as much, although it provides a nice visualisation of the rules, and it's free, so no complaints here :)
Pre-Defined Service
There are a number of pre-defined services in ScreenOS (so they won't necessarily appear in the services definition section of the config). Mostly they're self-explanatory, but here's a list from ScreenOS 4.
| Name | Proto | Port | Group | Timeout (min) | Flag |
|---|---|---|---|---|---|
| ANY | 0 | 0/65535 | other | default | Pre-defined |
| AOL | 6 | 5190/5194 | remote | default | Pre-defined |
| BGP | 6 | 179 | other | default | Pre-defined |
| DHCP-Relay | 17 | 67 | info seeking | default | Pre-defined |
| DNS | 17 | 53 | info seeking | default | Pre-defined |
| FINGER | 6 | 79 | info seeking | default | Pre-defined |
| FTP | 6 | 21 | remote | default | Pre-defined |
| FTP-Get | 6 | 21 | remote | default | Pre-defined |
| FTP-Put | 6 | 21 | remote | default | Pre-defined |
| GOPHER | 6 | 70 | info seeking | default | Pre-defined |
| H.323 | 6 | 1720 | remote | 2160 | Pre-defined |
| HTTP | 6 | 80 | info seeking | 5 | Pre-defined |
| HTTPS | 6 | 443 | security | default | Pre-defined |
| ICMP-INFO | 1 | 0/65535 | other | default | Pre-defined |
| ICMP-TIMESTAMP | 1 | 0/65535 | other | default | Pre-defined |
| IKE | 17 | 500 | security | default | Pre-defined |
| IMAP | 6 | 143 | email | default | Pre-defined |
| Internet Locator Service | 6 | 389 | info seeking | default | Pre-defined |
| IRC | 6 | 6660/6669 | remote | default | Pre-defined |
| L2TP | 6 | 1701 | remote | default | Pre-defined |
| MAIL | 6 | 25 | email | default | Pre-defined |
| NetMeeting | 6 | 1720 | remote | 2160 | Pre-defined |
| LDAP | 6 | 389 | info seeking | 30 | Pre-defined |
| NFS | 17 | 111 | remote | 40 | Pre-defined |
| SUN-RPC | 17 | 111 | remote | 40 | Pre-defined |
| NNTP | 6 | 119 | info seeking | default | Pre-defined |
| NS Global | 6 | 15397 | remote | default | Pre-defined |
| NS Global PRO | 6 | 15397 | remote | default | Pre-defined |
| NTP | 17 | 123 | other | default | Pre-defined |
| OSPF | 89 | 0/65535 | other | default | Pre-defined |
| PC-Anywhere | 17 | 5632 | remote | default | Pre-defined |
| PING | 1 | 0/65535 | other | default | Pre-defined |
| POP3 | 6 | 110 | email | default | Pre-defined |
| PPTP | 6 | 1723 | security | default | Pre-defined |
| Real Media | 6 | 7070 | info seeking | default | Pre-defined |
| RIP | 17 | 520 | other | default | Pre-defined |
| RLOGIN | 6 | 513 | remote | default | Pre-defined |
| SNMP | 17 | 161 | other | default | Pre-defined |
| SSH | 6 | 22 | security | default | Pre-defined |
| SYSLOG | 17 | 514 | other | default | Pre-defined |
| TALK | 17 | 517/518 | other | default | Pre-defined |
| TCP-ANY | 6 | 0/65535 | other | default | Pre-defined |
| TELNET | 6 | 23 | remote | default | Pre-defined |
| TFTP | 17 | 69 | remote | default | Pre-defined |
| TRACEROUTE | 1 | 0/65535 | other | default | Pre-defined |
| UDP-ANY | 17 | 0/65535 | other | default | Pre-defined |
| UUCP | 17 | 540 | remote | default | Pre-defined |
| VDO Live | 6 | 7000/7010 | info seeking | default | Pre-defined |
| WAIS | 6 | 210 | info seeking | default | Pre-defined |
| WINFRAME | 6 | 1494 | remote | default | Pre-defined |
| X-WINDOWS | 6 | 6000/6063 | remote | default | Pre-defined |
| SQL*Net V1 | 6 | 1525 | other | default | Pre-defined |
| SQL*Net V2 | 6 | 1521 | other | default | Pre-defined |
Links & Resources
Juniper Screenos technical docs
Netscreen Firewall Config Guide (Circa 2002)
Case Study of Netscreen Firewall Config (Circa 2003)
Netscreen Hardening Guide (Circa 2003)
