Firewall Wizards mailing list archives
Re: Open ports on FW1
From: "Jayson Broughton" <jbroughton () allcovered com>
Date: Tue, 18 Jan 2000 11:38:45 -0800
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Simon,

The following ports are used by Firewall-1, I believe that all of these ports should remain open, unless one thinks that it would provide a means in breaching security.

* TCP 259 is used for Client Authentication, the UDP port of 259 is used as encryption to manage an encrypted session.
* TCP 258 is used for the Firewall administration GUI via remote administration. aka FWpolicy Remote GUI.
* TCP 257 is used for the Remote Firewall program(module?) to send logs to a Manager console.
* port 256 is used too for encryption, that of CS & DH key exchange in the FWZ encryption. Some say this is also used by securemote. I have no recollection of this, but someone out in the audience might be able to help you there
* UDP 161 & 260 used by Firewall-1's SNMP Daemon.

Once again, if your job/ability, is useful for remotely administering the firewall, then I would keep all of these active. I believe that Checkpoint wants these ports open at all times. But once again, a speculation.

One last thing, if you do use remote administration of your firewall, be smart and use a Randomly generated, or Really bloomin' hard to guess password with random #'s and Characters. There are crackers out there that can rip through weak passwords like a knife through butter.

Jayson Broughton
HQ-All Bases Covered
Network & Security Admin.

-----BEGIN PGP SIGNATURE-----
Version: PGPfreeware 6.5.2 for non-commercial use <http://www.pgp.com>

iQA/AwUBOITBEKe75Wq9veF/EQLi0gCg199VWfkcTxuiSg1YnAM7CLubbrEAnAvG
cTj7xEy3MyeYu0rJ7Vueoa/V
=88ED
-----END PGP SIGNATURE-----

Simon Elliot wrote:
Hi,

I was interested in a previous message you received regarding TCP ports 256, 257, 258 on Firewall 1. What security implication can rise from these ports being open?

Thanks for your time.
Any help will be gratefully received.

Current thread:
- Open ports on FW1 Simon Elliot (Jan 17)
- Re: Open ports on FW1 Chris Brenton (Jan 18)
- Re: Open ports on FW1 Lance Spitzner (Jan 18)
- Re: Open ports on FW1 Jayson Broughton (Jan 18)
- Re: Open ports on FW1 beldridg (Jan 20)