Ports 256 through to 259 are the ports that FW1 use to communicate between
the firewall host and the management console. Each port has a different
function.
This does not mean that your site has been hacked, it merely offers hackers
the information that that particular host is a FW1 firewall.
>From: "Padden, Greg" <[EMAIL PROTECTED]>
>To: "'[EMAIL PROTECTED]'"
><[EMAIL PROTECTED]>
>Subject: [FW1] Possible hacked firewall.
>Date: Mon, 17 Jul 2000 16:15:02 -0700
>
>I've got a friend how is more or less a LAN Admin type that recently took
>over a FW-1 installation running on Solaris and found the following ports
>open on his box.
>
>Are the ports 256, 257, 258, 259 an indication that his FW has been hacked?
>I haven't see these ports open on other FW-1 boxes.
>
>Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
>Interesting ports on r4keytower-qfe-0.metrokc.gov (146.129.191.142):
>Port State Protocol Service
>21 open tcp ftp
>23 open tcp telnet
>25 open tcp smtp
>111 open tcp sunrpc
>256 open tcp rap
>257 open tcp set
>258 open tcp yak-chat
>259 open tcp esro-gen
>4045 open tcp lockd
>6000 open tcp X11
>
>
>Network Engineer, MSCE, CCNA
>Information and Telecommunications Services
>King County
>700 5th Ave, Suite 1800
>Seattle, WA 98104
>(206)263-4804 Fax (206)263-4834
> <<Padden, Greg.vcf>>
><< Padden,Greg.vcf >>
________________________________________________________________________
Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
