Firewall Wizards mailing list archives

Re: Ports 256,257,258 open on FW-1


From: Lart <lart () hacksec org>
Date: Sat, 12 Dec 1998 10:17:05 -0500

At 11:59 AM 12/11/98 +0800, John Lauderdale wrote:
> I notice that ports 256, 257, and 258 are open when our Firewall-1 is
> portscanned.
>
> Does anyone know what FW-1 uses these ports for?

256 =  The FW1 service, used for fetching encryption keys, sync traffic,
among other things.

257 = FW1_log, logging b/n PFM and MC.

258 = FW1_mgmt, communication b/n the GUI and the MC.

There are other ports too.  READ your manual.

> Should those ports be visible from the Internet?

256 should, IF you are doing a VPN.

You REALLY NEED to read your manual as well as dig through the
network services objects.  Why?  You put this box between your internal
network and the void, and rely on it for maintaining the integrity of your
network.  You need to understand it, fully.

There was that (bogus) security advisory a few weeks back from the people
at Diligence as well.  The gist?  Take the default settings and you are
vulnerable.  Why do I call it bogus?  If you're installing firewalls, any
kind, not just Check Point, you need to properly configure them.


-- 
Lart <lart () hacksec org>          | HackSec Klahn
Technologist, Cryptogeek, Human  | http://www.hacksec.org/
   PGP Key ID 0x5F343B23 - Encrypted Mail is Welcome
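
An added example, not part of the original message: a check that reads `nmap -oG` (grepable) output from an external scan of your own firewalls and reports which of the three FW-1 ports answered. Port 256 is accepted only on hosts listed as VPN gateways, per the reply above; treating 257 and 258 as never expected from the Internet, along with the `audit` helper, the `vpn_hosts` parameter and the sample scan data, are assumptions of this example.

```python
import re

# Port roles as described in the reply above.
FW1_PORTS = {
    256: "FW1 service (encryption key fetch, sync traffic)",
    257: "FW1_log (logging between PFM and MC)",
    258: "FW1_mgmt (GUI to MC communication)",
}

# Constructed sample of nmap grepable output (documentation addresses).
SAMPLE = (
    "# constructed sample scan\n"
    "Host: 192.0.2.1 ()\tStatus: Up\n"
    "Host: 192.0.2.1 ()\tPorts: 25/open/tcp/////, 256/open/tcp/////, "
    "257/open/tcp/////, 258/filtered/tcp/////\n"
    "Host: 192.0.2.2 ()\tPorts: 256/open/tcp/////, 258/open/tcp/////"
    "\tIgnored State: closed (996)\n"
)

def parse_grepable(text):
    """Return {host: set of open TCP ports} from nmap -oG output."""
    hosts = {}
    for line in text.splitlines():
        m = re.match(r"Host:\s+(\S+).*?\bPorts:\s+(.*)", line)
        if not m:
            continue  # comment, Status line, or anything without a Ports field
        host, ports_field = m.groups()
        ports_field = ports_field.split("\t")[0]  # drop trailing sections
        open_ports = hosts.setdefault(host, set())
        for entry in ports_field.split(","):
            fields = entry.strip().split("/")  # port/state/protocol/...
            if len(fields) >= 3 and fields[1] == "open" and fields[2] == "tcp":
                open_ports.add(int(fields[0]))
    return hosts

def audit(text, vpn_hosts=()):
    """List (host, port, role) for FW-1 ports exposed against the policy."""
    findings = []
    for host, ports in sorted(parse_grepable(text).items()):
        for port in sorted(ports.intersection(FW1_PORTS)):
            if port == 256 and host in vpn_hosts:
                continue  # 256 is expected when the host terminates a VPN
            findings.append((host, port, FW1_PORTS[port]))
    return findings

if __name__ == "__main__":
    for host, port, role in audit(SAMPLE, vpn_hosts={"192.0.2.1"}):
        print(f"{host}: tcp/{port} reachable from outside - {role}")
```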



