With some afterthought... I don't think I would sleep too well using a firewall that has been open to the internet like this. I think I would have unplugged the box and given it a reinstall ASAP.
Lars

> -----Original Message-----
> From: Roelandts, Guy [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, October 01, 2002 08:06
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] Check point firewall open ports
>
> Hi,
>
> As the others stated you need a stealth rule, but as this seems to be
> a Windoze box, it looks like you didn't do anything to harden it, all
> those 13* ports should be there. Refer to one of the hardening guides
> that are available a bit everywhere and disable all those un-necessary
> services before going any further.
>
> Met vriendelijke groeten - Bien à vous - Kind regards
> Guy ROELANDTS
> EMEA GS Internet Expertise Centre - CCSE-NG
> Compaq BeLux - now part of the New HP
> E-mail : [EMAIL PROTECTED]
> Tel: +32(02)729.77.44 (options 3 - 3 - 1)
> Fax: +32(02)729.77.65
> ==========================================================
> This message may contain confidential and/or proprietary information,
> and is intended only for the person/entity to whom it was originally
> addressed. The content of this message may contain private views and
> opinions which do not constitute a formal disclosure or commitment
> unless specifically stated. Should you receive this message by mistake
> please inform the sender immediately.
> ==========================================================
>
> -----Original Message-----
> From: Ramakrishnan [mailto:[EMAIL PROTECTED]]
> Sent: 01 October 2002 00:44
> To: [EMAIL PROTECTED]
> Subject: [FW-1] Check point firewall open ports
>
> Hi all,
>
> I did a port scan of my customer's firewall with Sync
> connect on TCP and UDP ports. I find that these ports
> are open.
>
> 135/tcp open loc-srv
> 135/udp open loc-srv
> 137/udp open netbios-ns
> 138/udp open netbios-dgm
> 139/tcp open netbios-ssn
> 161/udp open snmp
> 256/tcp open FW1-secureremote
> 259/tcp open esro-gen
> 259/udp open firewall1-rdp
> 262/tcp open arcisdms
> 264/tcp open bgmp
> 265/tcp open maybeFW1
> 500/udp open isakmp
> 900/tcp open unknown
> 1027/udp open unknown
> 2746/udp open unknown
> 4985/tcp open unknown
> 4986/tcp open unknown
> 4987/tcp open maybeveritas
> 4988/tcp open unknown
> 4989/tcp open unknown
> 4990/tcp open unknown
> 18183/tcp open unknown
> 18184/tcp open unknown
> 18187/tcp open unknown
> 19190/tcp open unknown
>
> I find that all these ports - barring a few need not
> be open. I want to be sure that if I disable these
> ports on external interface, Management console
> should work from internal interface. My customer's
> firewall admin opines that these are required for
> Management workstation. They do not connect Management
> station from external interface.
>
> I request the list's opinion on this. Has anybody
> faced this before.
>
> Regards
> Rama
>
> __________________________________________________
> Do you Yahoo!?
> New DSL Internet Access from SBC & Yahoo!
> http://sbc.yahoo.com
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
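
Added example, not part of the original thread: a simplified first-match rule model showing how a stealth rule changes what an outside scanner sees on the gateway while a management station on the internal side keeps access. The addresses, rule tuples and the overly broad lower rule are assumptions, and this is not Check Point's rule engine (implied rules are not modelled).

```python
import ipaddress
import re

# Constructed sample in the format of the scan output quoted in the thread.
SCAN = """135/tcp open loc-srv
139/tcp open netbios-ssn
256/tcp open FW1-secureremote
500/udp open isakmp
18183/tcp open unknown"""

FIREWALL = "fw"  # placeholder name for the gateway object
# Hypothetical rules: (source net, destination, service or None for any, action).
MGMT = ("10.1.1.10/32", FIREWALL, None, "accept")        # assumed management station
IKE = ("0.0.0.0/0", FIREWALL, ("500", "udp"), "accept")  # assumed VPN requirement
STEALTH = ("0.0.0.0/0", FIREWALL, None, "drop")          # stealth rule
BROAD = ("0.0.0.0/0", "any", None, "accept")             # overly broad rule lower down

def parse_scan(text):
    """Return [(port, proto, name)] for lines like '135/tcp open loc-srv'."""
    found = []
    for line in text.splitlines():
        m = re.match(r"\s*>?\s*(\d+)/(tcp|udp)\s+open\s+(\S+)", line)
        if m:
            found.append(m.groups())
    return found

def decide(rules, src, port, proto):
    """Top-down, first-match decision for a packet addressed to the firewall."""
    ip = ipaddress.ip_address(src)
    for net, dst, svc, action in rules:
        if dst not in ("any", FIREWALL):
            continue
        if ip in ipaddress.ip_network(net) and svc in (None, (port, proto)):
            return action
    return "drop"  # nothing matched: implicit cleanup

def exposure(rules, external_src="203.0.113.5", mgmt_src="10.1.1.10"):
    """Per scanned port: (decision for external source, decision for mgmt station)."""
    return {f"{p}/{t}": (decide(rules, external_src, p, t),
                         decide(rules, mgmt_src, p, t))
            for p, t, _ in parse_scan(SCAN)}

if __name__ == "__main__":
    for label, rules in (("no stealth rule", [MGMT, IKE, BROAD]),
                         ("stealth rule", [MGMT, IKE, STEALTH, BROAD])):
        print(label, exposure(rules))
```

The management rule has to sit above the stealth rule; placed below it, the management station would be dropped like any other source.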
