Penetration Testing mailing list archives
RE: Penetration Testing a CheckPoint NG FW on Nokia
From: "Sharma, Pankaj" <psharma () panynj gov>
Date: Thu, 6 Jan 2005 13:36:32 -0500
18262 /tcp CP_Exnet_PK Check Point Extrnet public key advertisement - Protocol for exchange of public keys when configuring Extranet no more supported since NG AI R55 18263 /tcp CP_Exnet_resolve Check Point Extranet remote objects resolution - Protocol for importing exported objects from partner in Extranet no more supported since NG AI R55 18264 /tcp FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services - Protocol for Certificate Revocation Lists and registering users when using the Policy Server - needed when e.g. FWM is starting -----Original Message----- From: Paul Kurczaba [mailto:seclists () securinews com] Sent: Thursday, January 06, 2005 12:02 PM To: cisspstudy () yahoo com; pen-test () securityfocus com Subject: RE: Penetration Testing a CheckPoint NG FW on Nokia I know that 264/tcp is used by securemote to get the site information, and that 500/udp is for IPSec. Does anybody know what 18262/tcp and 18264/tcp is used for? It seems questionable... -Paul -----Original Message----- From: "Jason binger"<cisspstudy () yahoo com> Sent: 1/5/05 5:34:39 PM To: "pen-test () securityfocus com"<pen-test () securityfocus com> Subject: Penetration Testing a CheckPoint NG FW on Nokia I was recently performing a penetration test against a CheckPoint FW running on Nokia and received the following results from a port scan against the host: Interesting ports on XYZ: (The 65531 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 264/tcp open fw1-secureremote Checkpoint Firewall1 SecureRemote 500/tcp closed isakmp 18262/tcp closed unknown 18264/tcp open unknown When telnetting to TCP 18264 I received: HTTP/1.0 400 Bad Request Date: Wed, 05 Jan 2005 21:57:57 GMT Server: Check Point SVN foundation Content-Type: text/html Connection: close Content-Length: 200 Opening a browser to TCP 18264 gave an "Internal Server Error". Are there any tools that allow me to brute-force a username and password through the SecuRemote port to gain unauthorised access via VPN? I found this link for bruteforcing usernames on CheckPoint - http://www.securiteam.com/securitynews/5TP040U8AW.html but could not find the supporting tools. Does anyone have this set of tools? and other password bruteforcing tools? Are there any security implications of allowing access to TCP 18262 and TCP 18264 ports? What will break if these ports are closed? Does anyone have a list of other tests that should be performed against a CheckPoint FW? Cheers, __________________________________ Do you Yahoo!? All your favorites on one personal page - Try My Yahoo! http://my.yahoo.com
Current thread:
- Penetration Testing a CheckPoint NG FW on Nokia Jason binger (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Seth Jackson (Jan 06)
- <Possible follow-ups>
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Eliot Mansfield (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Paul Kurczaba (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia rzaluski (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Andre Ludwig (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Sharma, Pankaj (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Frederic Charpentier (Jan 07)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 10)
- Google Hacking and SiteDigger 2.0 Kartik Trivedi (Jan 11)