Alex, You should get yourself a shell account. Such an account is extremly useful when it comes to such things and I'm not sure I trust that I'm the only one getting the results from all those web scanners out there. There are pretty cheap shell accounts available out there and you don't need that much disc space in order to install nmap and a few other tools.
Lars > -----Original Message----- > From: Lien, Alex [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 01, 2002 18:37 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Check point firewall open ports > > > Hi Lars,all, > > Is there a web site that you can point me to that can scan > specific ip's. I > would like to scan my firewalls and edge routers but haven't > found a site > that can do that. > > Thanks > Alex > > -----Original Message----- > From: Lars Troen [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, October 01, 2002 2:00 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Check point firewall open ports > > > Rama, > This firewall needs a stealth rule! All these should NOT be > open. After > having a stealth rule you should also uncheck "Allow VPN1 & Firewall-1 > Contol Connections" from Policy / Properties and create > manual rules for the > (few) needed services (for remote management etc). > > Hmm.. You did scan this firewall from an external source? > > Lars > > > -----Original Message----- > > From: Ramakrishnan [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, October 01, 2002 00:44 > > To: [EMAIL PROTECTED] > > Subject: [FW-1] Check point firewall open ports > > > > > > Hi all, > > > > I did a port scan of my customer's firewall with Sync > > connect on TCP and UDP ports. I find that these ports > > are open. > > > > 135/tcp open loc-srv > > 135/udp open loc-srv > > 137/udp open netbios-ns > > 138/udp open netbios-dgm > > 139/tcp open netbios-ssn > > 161/udp open snmp > > 256/tcp open FW1-secureremote > > 259/tcp open esro-gen > > 259/udp open firewall1-rdp > > 262/tcp open arcisdms > > 264/tcp open bgmp > > 265/tcp open maybeFW1 > > 500/udp open isakmp > > 900/tcp open unknown > > 1027/udp open unknown > > 2746/udp open unknown > > 4985/tcp open unknown > > 4986/tcp open unknown > > 4987/tcp open maybeveritas > > 4988/tcp open unknown > > 4989/tcp open unknown > > 4990/tcp open unknown > > 18183/tcp open unknown > > 18184/tcp open unknown > > 18187/tcp open unknown > > 19190/tcp open unknown > > > > I find that all these ports - barring a few need not > > be open. I want to be sure that if I disable these > > ports on external interface , Management console > > should work from internal interface. My customer's > > firewall admin opines that these are required for > > Management workstation. They do not connect Management > > station from external interface. > > > > I request the list's opinion on this. Has anybody > > faced this before. > > > > Regards > > Rama > > > > __________________________________________________ > > Do you Yahoo!? > > New DSL Internet Access from SBC & Yahoo! > > http://sbc.yahoo.com > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
