Thanks. The issues are twofold.

Recommendations for hardening the box have already been given. The contentious ports are the FW-used ports and the secure remote ports. Is there a way to restrict the FW-specific ports to the internal interface?

Regards
Rama

--- Lars Troen <[EMAIL PROTECTED]> wrote:

> With some afterthought.. I don't think I would sleep too well using a firewall that has been open to the internet like this. I think I would have unplugged the box and given it a reinstall ASAP.
>
> Lars
>
> > -----Original Message-----
> > From: Roelandts, Guy [mailto:[EMAIL PROTECTED]]
> > Sent: Tuesday, October 01, 2002 08:06
> > To: [EMAIL PROTECTED]
> > Subject: Re: [FW-1] Check point firewall open ports
> >
> > Hi,
> >
> > As the others stated you need a stealth rule, but as this seems to be a Windoze box, it looks like you didn't do anything to harden it, all those 13* ports should be there. Refer to one of the hardening guides that are available a bit everywhere and disable all those unnecessary services before going any further.
> >
> > Met vriendelijke groeten - Bien à vous - Kind regards
> > Guy ROELANDTS
> > EMEA GS Internet Expertise Centre - CCSE-NG
> > Compaq BeLux - now part of the New HP
> > E-mail : [EMAIL PROTECTED]
> > Tel: +32(02)729.77.44 (options 3 - 3 - 1)
> > Fax: +32(02)729.77.65
> >
> > -----Original Message-----
> > From: Ramakrishnan [mailto:[EMAIL PROTECTED]]
> > Sent: 01 October 2002 00:44
> > To: [EMAIL PROTECTED]
> > Subject: [FW-1] Check point firewall open ports
> >
> > Hi all,
> >
> > I did a port scan of my customer's firewall with SYN connect on TCP and UDP ports. I find that these ports are open.
> >
> > 135/tcp open loc-srv
> > 135/udp open loc-srv
> > 137/udp open netbios-ns
> > 138/udp open netbios-dgm
> > 139/tcp open netbios-ssn
> > 161/udp open snmp
> > 256/tcp open FW1-secureremote
> > 259/tcp open esro-gen
> > 259/udp open firewall1-rdp
> > 262/tcp open arcisdms
> > 264/tcp open bgmp
> > 265/tcp open maybeFW1
> > 500/udp open isakmp
> > 900/tcp open unknown
> > 1027/udp open unknown
> > 2746/udp open unknown
> > 4985/tcp open unknown
> > 4986/tcp open unknown
> > 4987/tcp open maybeveritas
> > 4988/tcp open unknown
> > 4989/tcp open unknown
> > 4990/tcp open unknown
> > 18183/tcp open unknown
> > 18184/tcp open unknown
> > 18187/tcp open unknown
> > 19190/tcp open unknown
> >
> > I find that all these ports - barring a few - need not be open. I want to be sure that if I disable these ports on the external interface, the Management console should still work from the internal interface. My customer's firewall admin opines that these are required for the Management workstation. They do not connect the Management station from the external interface.
> >
> > I request the list's opinion on this. Has anybody faced this before?
> >
> > Regards
> > Rama
> >
> > =================================================
> > To set vacation, Out Of Office, or away messages,
> > send an email to [EMAIL PROTECTED]
> > in the BODY of the email add:
> > set fw-1-mailinglist nomail
> > =================================================
> > To unsubscribe from this mailing list,
> > please see the instructions at
> > http://www.checkpoint.com/services/mailing.html
> > =================================================
> > If you have any questions on how to change your
> > subscription options, email
> > [EMAIL PROTECTED]
> > =================================================
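As an added example, not code from the thread or from Check Point, here is a small Python model of an FW-1-style first-match rulebase with the stealth rule the replies recommend, run over a constructed subset of the scan above to show which ports stay reachable from the internal management station once the firewall's own address is closed to the Internet. The addresses and the set of FW-1 management ports are assumptions; the thread does not say which of the scanned ports the management station actually needs.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
# Constructed addresses (none appear in the thread): firewall, mgmt station, Internet host.
FIREWALL, MGMT_STATION, INTERNET_HOST = "203.0.113.1", "10.0.0.5", "198.51.100.7"
# Assumption: FW-1 service ports the management station needs, picked from the
# scan above; the thread itself does not say which ones are actually required.
FW1_MGMT_PORTS = {256, 259, 264, 265, 18183, 18184, 18187, 19190}

@dataclass
class Rule:
    name: str
    src: str                     # CIDR or "any"
    dst: str                     # CIDR or "any"
    ports: "set[int] | None"     # None = any TCP port
    action: str                  # "accept" or "drop"

def _in(net, addr):
    return net == "any" or ip_address(addr) in ip_network(net)

def evaluate(rules, src, dst, port):
    """First match wins, as in an FW-1 rulebase; no match hits the implicit drop."""
    for r in rules:
        if _in(r.src, src) and _in(r.dst, dst) and (r.ports is None or port in r.ports):
            return r.name, r.action
    return "implicit-drop", "drop"

# Order matters: management access first, then the stealth rule that drops
# everything else aimed at the firewall itself, then ordinary traffic.
RULES = [
    Rule("mgmt", f"{MGMT_STATION}/32", f"{FIREWALL}/32", FW1_MGMT_PORTS, "accept"),
    Rule("stealth", "any", f"{FIREWALL}/32", None, "drop"),
    Rule("outbound", "10.0.0.0/8", "any", None, "accept"),
]

def parse_scan(text):
    """Parse 'PORT/proto open name' lines, the format quoted in the thread."""
    found = []
    for line in text.splitlines():
        parts = line.split()
        if len(parts) >= 3 and parts[1] == "open":
            num, proto = parts[0].split("/")
            found.append((int(num), proto, parts[2]))
    return found

def audit(rules, scan_text):
    """Map each open TCP port to (verdict from the Internet, verdict from the mgmt station)."""
    return {p: (evaluate(rules, INTERNET_HOST, FIREWALL, p)[1],
                evaluate(rules, MGMT_STATION, FIREWALL, p)[1])
            for p, proto, _ in parse_scan(scan_text) if proto == "tcp"}

# Constructed subset of the scan output quoted above.
SCAN = "135/tcp open loc-srv\n139/tcp open netbios-ssn\n256/tcp open FW1-secureremote\n18184/tcp open unknown"
```

Swapping the first two rules (stealth before mgmt) makes the model drop the management station's own connections, which is the lock-out the thread's admin is worried about; the Windows ports are dropped from both sides, but that only hides them, so the services still need disabling on the host as Guy says.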
