Hi guys,

I am performing an authorized blackbox pentest (without any previous knowledge of the attacked network).

I need to know how to detect an external IPS/Firewall, because I think that it's blocking my scans.

I tried hping3 (XXX.XXX.XXX.XXX is the IP Address):
Code:
hping3 -S -p 25 --traceroute -V XXX.XXX.XXX.XXX
And noticed that there are 2 devices responding (different ID's on the TCP packet). Is this assumption correct? Here it goes the output:

Code:
len=44 ip=XXX.XXX.XXX.XXX ttl=58 DF id=29792 tos=0 iplen=44
sport=25 flags=SA seq=11 win=5840 rtt=17.3 ms
seq=3388072850 ack=224301 sum=eacf urp=0

len=44 ip=XXX.XXX.XXX.XXX ttl=58 DF id=55392 tos=0 iplen=44
sport=25 flags=SA seq=12 win=5840 rtt=19.1 ms
seq=3528531323 ack=1238135492 sum=413d urp=0

DUP! len=44 ip=XXX.XXX.XXX.XXX ttl=58 DF id=56672 tos=0 iplen=44
sport=25 flags=SA seq=8 win=5840 rtt=4066.7 ms
seq=544745881 ack=979545101 sum=21b9 urp=0

DUP! len=44 ip=XXX.XXX.XXX.XXX ttl=58 DF id=52577 tos=0 iplen=44
sport=25 flags=SA seq=11 win=5840 rtt=3463.8 ms
seq=3388072850 ack=224301 sum=eacf urp=0

len=44 ip=XXX.XXX.XXX.XXX ttl=58 DF id=1122 tos=0 iplen=44
sport=25 flags=SA seq=15 win=5840 rtt=14.1 ms
seq=3627026674 ack=2133064936 sum=6c8c urp=0
Could anyone with good TCP-IP knowledg help me out?

Thanks in advance!