Penetration Testing mailing list archives

Re: Penetration Testing a CheckPoint NG FW on Nokia

From: Andre Ludwig <andre.ludwig () gmail com>
Date: Thu, 6 Jan 2005 12:38:06 -0500

http://www.fw-1.de/aerasec/ng/ports-ng.html

Andre ludwig


On Thu, 6 Jan 2005 12:01:33 -0500, Paul Kurczaba
<seclists () securinews com> wrote:

I know that 264/tcp is used by securemote to get the site information, and that 500/udp is for IPSec. Does anybody 
know what 18262/tcp and 18264/tcp is used for? It seems questionable...

-Paul
-----Original Message-----
    From: "Jason binger"<cisspstudy () yahoo com>
    Sent: 1/5/05 5:34:39 PM
    To: "pen-test () securityfocus com"<pen-test () securityfocus com>
    Subject: Penetration Testing a CheckPoint NG FW on Nokia
      I was recently performing a penetration test against a
    CheckPoint FW running on Nokia and received the
    following results from a port scan against the host:

    Interesting ports on XYZ:
    (The 65531 ports scanned but not shown below are in
    state: filtered)
    PORT      STATE  SERVICE          VERSION
    264/tcp   open   fw1-secureremote Checkpoint Firewall1
    SecureRemote
    500/tcp   closed isakmp
    18262/tcp closed unknown
    18264/tcp open   unknown

    When telnetting to TCP 18264 I received:

    HTTP/1.0 400 Bad Request
    Date: Wed, 05 Jan 2005 21:57:57 GMT
    Server: Check Point SVN foundation
    Content-Type: text/html
    Connection: close
    Content-Length: 200

    Opening a browser to TCP 18264 gave an "Internal
    Server Error".

    Are there any tools that allow me to brute-force a
    username and password through the SecuRemote port to
    gain unauthorised access via VPN?

    I found this link for bruteforcing usernames on
    CheckPoint -
    http://www.securiteam.com/securitynews/5TP040U8AW.html
    but could not find the supporting tools. Does anyone
    have this set of tools? and other password
    bruteforcing tools?

    Are there any security implications of allowing access
    to TCP 18262 and TCP 18264 ports? What will break if
    these ports are closed?

    Does anyone have a list of other tests that should be
    performed against a CheckPoint FW?

    Cheers,

    __________________________________
    Do you Yahoo!?
    All your favorites on one personal page – Try My Yahoo!
    http://my.yahoo.com

Current thread:

Penetration Testing a CheckPoint NG FW on Nokia Jason binger (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Seth Jackson (Jan 06)
- <Possible follow-ups>
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Eliot Mansfield (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Paul Kurczaba (Jan 06)
  - RE: Penetration Testing a CheckPoint NG FW on Nokia rzaluski (Jan 06)
  - Re: Penetration Testing a CheckPoint NG FW on Nokia Andre Ludwig (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Sharma, Pankaj (Jan 06)
  - Re: Penetration Testing a CheckPoint NG FW on Nokia Frederic Charpentier (Jan 07)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 10)
  - Google Hacking and SiteDigger 2.0 Kartik Trivedi (Jan 11)