Firewall Wizards mailing list archives

RE: Ports 256,257,258 open on FW-1


From: "Joe Ippolito" <joe () joesnet com>
Date: Thu, 17 Dec 1998 06:34:18 -0800

Useful Info

I had configured a custom FW1 protocol in MS Winsock Proxy for
all the ports some time ago and could not get it working.  It turns out that
I just needed to have 258 as the starting port.  In fact that is the only
one that I needed.  I just have protocol FW1 configured as port 258, TCP,
Outbound and no others.  Now I can keep everyone else using Winsock Proxy at
our facility from even trying a username and password from the Firewall-1
GUI except those who have been granted specific user permissions.  Now
firewall administrators at my facility can use any DHCP client since the
only IP in the Firewall-1 config is MS Proxy's.

Thanks

-----Original Message-----
From: owner-firewall-wizards () nfr net
[mailto:owner-firewall-wizards () nfr net]On Behalf Of Lart
Sent: Saturday, December 12, 1998 7:17 AM
To: John Lauderdale; firewall-wizards () nfr net
Subject: Re: Ports 256,257,258 open on FW-1


At 11:59 AM 12/11/98 +0800, John Lauderdale wrote:
> I notice that ports 256,257,and 258 are open when our Firewall-1 is
> portscanned.
>
> Does anyone know what FW-1 uses these ports for?

256 =  The FW1 service, used for fetching encryption keys, sync traffic,
among other things.

257 = FW1_log, logging b/n PFM and MC.

258 = FW1_mgmt, communication b/n the GUI and the MC.

There are other ports too.  READ your manual.

> Should those ports be visible from the Internet?

256 should, IF you are doing a VPN.

You REALLY NEED to read your manual as well as dig through the
network services objects.  Why?  You put this box between your internal
network and the void, and rely on it for maintaining the integrity of your
network.  You need to understand it, fully.

There was that (bogus) security advisory a few weeks back from the people
at Diligence as well.  The gist?  Take the default settings and you are
vulnerable.  Why do I call it bogus?  If you're installing firewalls, any
kind, not just Check Point, you need to properly configure them.


--
Lart <lart () hacksec org>          | HackSec Klahn
Technologist, Cryptogeek, Human  | http://www.hacksec.org/
   PGP Key ID 0x5F343B23 - Encrypted Mail is Welcome
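A small defender-side check for the exposure rule Lart spells out above (256 acceptable only if the box does VPN; 257 and 258, the log and GUI channels, never from the Internet), added here as an example and not part of the thread; the scan lines, the service labels and the function names are constructed.

```python
# Added example (not from the thread): classify externally visible TCP ports
# against the FW-1 service ports described in the thread.
import re

# Port-to-service mapping as described in Lart's reply.
FW1_SERVICES = {
    256: "FW1 (key fetching / sync)",
    257: "FW1_log (logging, firewall module <-> management console)",
    258: "FW1_mgmt (GUI <-> management console)",
}

# Constructed sample of an nmap-style open-port listing from an external scan.
SAMPLE_SCAN = """\
256/tcp  open  fw1-secureremote
257/tcp  open  fw1-log
258/tcp  open  fw1-mgmt
443/tcp  open  https
"""

LINE_RE = re.compile(r"^\s*(\d+)/tcp\s+open\b")


def parse_open_tcp_ports(scan_text):
    """Return the set of TCP ports reported open in scan_text."""
    return {int(m.group(1)) for m in map(LINE_RE.match, scan_text.splitlines()) if m}


def audit_fw1_exposure(open_ports, vpn_in_use):
    """Return (port, service, verdict) for each FW-1 port visible externally.

    Rule from the thread: 256 is expected only when the firewall terminates
    VPNs; 257 and 258 carry log and GUI traffic and should not be reachable
    from the outside at all.
    """
    findings = []
    for port in sorted(open_ports & set(FW1_SERVICES)):
        if port == 256 and vpn_in_use:
            verdict = "expected (VPN)"
        else:
            verdict = "should not be exposed"
        findings.append((port, FW1_SERVICES[port], verdict))
    return findings


if __name__ == "__main__":
    for port, service, verdict in audit_fw1_exposure(parse_open_tcp_ports(SAMPLE_SCAN), vpn_in_use=True):
        print(f"{port:>4}/tcp  {verdict:<22}  {service}")
```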
