Title: Possible hacked firewall.
This is more likely the sign of a badly configured firewall that is open to being hacked.
Ports 256, 257, 258 and 259 are used by Firewall-1 for various reasons.  In many cases some or all of these can be turned off.  See http://www.phoneboy.com/fw1/faq/0105.html for descriptions of these ports.
As for the others, you only need ftp, telnet and smtp open to all hosts if you run security servers on these ports.  Otherwise limit to allow only trusted administration hosts.  sunrpc, lockd and X11 should definitely not be open.  See http://www.enteract.com/~lspitz/armoring.html to learn how to secure Solaris for running a Firewall.
 
Regards,
Kerry.

-------------------------------------------------------------------
Kerry Baker                      Phone: +64 3 364 2336
NETWORK CONSULTANT                 Fax: +64 3 364 2332
Information Technology Services   http://www.canterbury.ac.nz
University of Canterbury        mailto:[EMAIL PROTECTED]
Christchurch, New Zealand
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Padden, Greg
Sent: Tuesday, 18 July 2000 11:15 a.m.
To: '[EMAIL PROTECTED]'
Subject: [FW1] Possible hacked firewall.

I've got a friend who is more or less a LAN Admin type that recently took over a FW-1 installation running on Solaris and found the following ports open on his box.

Are the ports 256, 257, 258, 259 an indication that his FW has been hacked?  I haven't seen these ports open on other FW-1 boxes.

Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
Interesting ports on r4keytower-qfe-0.metrokc.gov (146.129.191.142):
Port    State       Protocol  Service
21      open        tcp        ftp
23      open        tcp        telnet
25      open        tcp        smtp
111     open        tcp        sunrpc
256     open        tcp        rap
257     open        tcp        set
258     open        tcp        yak-chat
259     open        tcp        esro-gen
4045    open        tcp        lockd
6000    open        tcp        X11


Network Engineer, MSCE, CCNA
Information and Telecommunications Services
King County
700 5th Ave, Suite 1800
Seattle, WA 98104
(206)263-4804 Fax (206)263-4834
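
The triage described in the reply above, as an added example that is not part of the original thread: it parses an nmap port table of the layout shown in the question and groups open ports by the recommended action. The sample scan, host name, address and category names are constructed for illustration.

```python
import re

# Policy below restates the reply's advice; the category names are this example's own.
FW1_PORTS = {256, 257, 258, 259}      # used by Firewall-1; some or all can often be turned off
SECURITY_SERVER_PORTS = {21, 23, 25}  # ftp/telnet/smtp: open to all only with security servers
MUST_CLOSE_PORTS = {111, 4045, 6000}  # sunrpc, lockd, X11: should not be open

# Constructed sample in the nmap 2.x table layout (documentation address, not a real host).
SAMPLE = """\
Interesting ports on fw.example.test (192.0.2.10):
Port    State       Protocol  Service
21      open        tcp        ftp
111     open        tcp        sunrpc
256     open        tcp        rap
259     open        tcp        esro-gen
6000    open        tcp        X11
8080    open        tcp        http-proxy
"""

ROW = re.compile(r"^(\d+)\s+(\S+)\s+(tcp|udp)\s+(\S+)$")

def parse_nmap_table(text):
    """Yield (port, state, proto, service) for each row of the port table."""
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            yield int(m.group(1)), m.group(2), m.group(3), m.group(4)

def classify(port):
    # Classify by port number: the Service column here is a lookup on the port
    # (256 shows as "rap"), not an identification of what is listening.
    if port in FW1_PORTS:
        return "firewall-1"
    if port in MUST_CLOSE_PORTS:
        return "close"
    if port in SECURITY_SERVER_PORTS:
        return "restrict-to-admin-hosts"
    return "review"

def audit(text):
    """Group open ports by the action the reply recommends."""
    findings = {}
    for port, state, _proto, _service in parse_nmap_table(text):
        if state == "open":
            findings.setdefault(classify(port), []).append(port)
    return findings

if __name__ == "__main__":
    for action, ports in audit(SAMPLE).items():
        print(f"{action}: {ports}")
```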