Hi a bv, First of all, personally i think it may be not the Check Point issue. I think it may be is the MS Windows issue. (But I don’t have enough information, just guess.)
You guess, it may be infected by some malware. If yes, I think you can use some on-line Virus Scanner to check your system. And then clean it. Also you can perform the forensic to your system. (Forensic example like : dump the RAM using Volatility, then analysis it; or run the Fport to check the open ports and their associated applications.) Volatility : https://www.volatilesystems.com/ Fport : http://www.foundstone.com/us/resources/proddesc/fport.htm The solutions are ....... 1. install the SPLAT. (Sorry ! Please forgive me give you this answer. XD) 2. re-install your windows system. 3. I think forensic analysis is needed !!! Thanks ! Regards, Little Lun --- 2009年7月13日 星期一,a bv <[email protected]> 寫道﹕ > 寄件人: a bv <[email protected]> > 主題: [FW-1] Standby Firewalls interesting connections > 收件人: [email protected] > 日期: 2009年7月13日,星期一,下午4:01 > Hi list, > > I have 2 boxes which Windows 2003 Server and NGX R65 is > installed. One > of them was working for a long time, and a short time ago > its switched > with the other one. For the aiming of installing the > patches of the > Windows (cause it was online so long and couldnt do it) , i > have gave > a local ip of one of the interfaces of the FW and gave > the rule at > the current online fw > if the source is that let any destination and any port. > While running > the MSBA also observed the rule at Smartview Tracker and > saw that the > firewall is reaching to other destinations with other ports > (not http > or https) like 1199, 4444, AOL, 135 etc. So im > curious about the > reason of this connections, and thinking the possibility of > an malware > infection. > > Ill have sometime to get work on this FW to fix it (also > thinking of > installing HFAs). And when needed of course we'll need this > one to get > online again. > So id like to here any recommendations to clean/fix > this up. (But > please dont tell me about installing SPLAT, Windows is not > my choice > and these are installed long time ago). > > Regards > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Yahoo!香港提供網上安全攻略,教你如何防範黑客! 請前往 http://hk.promo.yahoo.com/security/ 了解更多! Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
