Firewall Wizards mailing list archives

RE: port 256/257 and firewall-1


From: Scott Blake <blake () netegrity com>
Date: Wed, 22 Oct 1997 09:33:47 -0400

I concur with Errol.  I've done some limited testing of these ports and
they appear to be reasonably safe against DoS attacks (I'd love to hear
if someone knows otherwise).  You should note that the FireWall-1
Control Connections include UDP on ports 161 (snmp) and 260 (fw-1 snmp).
Unchecking the box will also disable SNMP on the interfaces you don't
explicitly open.

-s

Scott Blake, Network Security Architect
Netegrity, Inc.
blake () security com

-----Original Message-----
From: Weiss, Errol S. [SMTP:errol () cip saic com]
Sent: Sunday, October 19, 1997 2:09 AM
To:   George Wang; firewall-wizards () nfr net
Subject:      RE: port 256/257 and firewall-1

My take on this, from Checkpoint, is that the ports are "proprietary"
Checkpoint ports and provide:
1) Firewall module and management station services
2) Download of the rule base
3) Systems status

The services can be disabled under Firewall Policy/Properties by
unchecking the "Accept Firewall-1 Control Connection" box.  I certainly
wouldn't have the ports accessible on an untrusted interface.

Errol

Errol S. Weiss       errol () cip saic com
SAIC Center for Information Protection
(703) 556-7366  Office
(800) CIP-1214  CIP-Central
(888) 602-4537  Pager
http://www.saic.com/internet/cyber_security.html



-----Original Message-----
From:       George Wang [SMTP:wangw () SINGNET COM SG]
Sent:       Thursday, October 16, 1997 8:46 AM
To: firewall-wizards () nfr net
Subject:    port 256/257 and firewall-1

Hi,

I have configured the firewall-1's policy to only pass DNS and WWW,
however when I do a port scan from the external side, it reveals that
ports 256/257 TCP are also open. I think it's for firewall-1's control
module.

Could anyone tell me whether there is any risk for this and is it
necessary to explicitly add a filtering rule to reject pkts destined
for these ports from the external side?

thanks for any advice.


