Hi,
there is a rule which allows these ports :-))
Its the "Allow FW-1 Control Connections" in the
properties. Firewall-1 uses these ports for the snmp deamons. If
you uncheck this line, you should setup a special rule, above the
stealth rule, which allows these control connections to and from
the management station or probably other internal servers. This
depends on the design and the configuration of the whole
environment at your site.
Have a closer look to the documents of Lance Spitzner
(www.enteract.com\~lspitz) or the different documents at phoneboy
(www.phoneboy.com).
Robert
On Wed, 11 Oct 2000 [EMAIL PROTECTED] wrote:
>
> I have performed a basic portscan test from Securityspace against my system
> and found two open ports:
> 264 - tcp- service bgmp
> 265 - tcp- unknown
>
> What should I do to block access through these ports? I don't have any FW
> rule that allows them.
>
> Thanks in advance,
>
> Victoria
>
> Global Manufacturers' Services Valencia (Spain)
>
>
> ================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> ================================================================================
>
----------------------------------------
Robert Binder
IT-Security Consultant
Integralis, Niederlassung M�nchen
Gutenbergstr. 1
D-85737 Ismaning
Tel: +49-89-94573-235
Fax: +49-89-94573-119
http://www.integralis.de/
A member of the Articon-Integralis Group
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
