Erik,
That means you're running Compaq Insight Manager's Web Agent. I would definitely
disable that. There are several vulnerabilities associated with it, and I can't
think of any good reason to recommend running it on a firewall. Basically, what you
are seeing, is broadcast traffic being initiated from your firewall, for the
purposes of finding other Compaq servers and gathering their info. To see an
example of what's being gathered, open your firewall (from ONLY YOUR IP address) to
TCP port 2301 and then point your web browser to http://yourcompaqfirewall:2301 .
You'll see all kinds of scary information. Beyond that, there's also a bounds
checking exploit that allows the reading of any file on the system via that same web
browser. So, long explanation, short - disable Compaq Insight Manager's Web Agent
on your firewall....
Jason
http://www.wittys.com
Erik Skoog wrote:
> Greetings
>
> I am getting a drop message in my log file stating:
>
> Source Dest Service Action
> Firewall 255.255.255.255 2301 drop
>
> I was wondering what the consiquences of creating an explicit rule in my
> firewall
>
> Source Dest Service Action Track
> Firewall 255.255.255.255 2301 drop (None)
>
> would be (if anything)
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
