Re: Firewall-1 Identification : port 257 (ie archive : 18701)

[Mariusz Woloszyn <emsi () ipartners pl>]

On Tue, 2 Apr 2002, Sacha Faust wrote:

> I did some additional poking at the system and found out that if you connect
> to port 257 and you hit a few keys, the server will return fwa1 string.
Keep in mind that in every Checkpoint book they write that there should be
a "Stealth Rule", which block all traffic to firewall. It should be the
very first rule in rules table. It means that if you find computer with
256,257 and 258 ports open that implyes _lame_ installation (or you're on
host explicitly allowed to connect).

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners