Penetration Testing mailing list archives

RE: Penetration Testing a CheckPoint NG FW on Nokia

From: "Dieter Sarrazyn" <dsr () ascure com>
Date: Sun, 9 Jan 2005 08:10:39 +0100

Also a good source for information is the ISSAF (Information System
Security Assessment Framework) document (from OISSG -
http://www.oissg.org) 

http://www.oissg.org/content/view/71/71/

Or the doc itself: http://oissg.org/issaf01/issaf0.1.zip

Dieter

-----Original Message-----
From: Jason binger [mailto:cisspstudy () yahoo com] 
Sent: woensdag 5 januari 2005 23:35
To: pen-test () securityfocus com
Subject: Penetration Testing a CheckPoint NG FW on Nokia

I was recently performing a penetration test against a 
CheckPoint FW running on Nokia and received the following 
results from a port scan against the host:

Interesting ports on XYZ:
(The 65531 ports scanned but not shown below are in
state: filtered)
PORT      STATE  SERVICE          VERSION
264/tcp   open   fw1-secureremote Checkpoint Firewall1
SecureRemote
500/tcp   closed isakmp
18262/tcp closed unknown
18264/tcp open   unknown

When telnetting to TCP 18264 I received:

HTTP/1.0 400 Bad Request
Date: Wed, 05 Jan 2005 21:57:57 GMT
Server: Check Point SVN foundation
Content-Type: text/html
Connection: close
Content-Length: 200

Opening a browser to TCP 18264 gave an "Internal Server Error".

Are there any tools that allow me to brute-force a username 
and password through the SecuRemote port to gain unauthorised 
access via VPN?

I found this link for bruteforcing usernames on CheckPoint - 
http://www.securiteam.com/securitynews/5TP040U8AW.html
but could not find the supporting tools. Does anyone have 
this set of tools? and other password bruteforcing tools?

Are there any security implications of allowing access to TCP 
18262 and TCP 18264 ports? What will break if these ports are closed?

Does anyone have a list of other tests that should be 
performed against a CheckPoint FW?

Cheers,

__________________________________
Do you Yahoo!? 
All your favorites on one personal page - Try My Yahoo!
http://my.yahoo.com

Current thread:

Penetration Testing a CheckPoint NG FW on Nokia Jason binger (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Seth Jackson (Jan 06)
- <Possible follow-ups>
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Eliot Mansfield (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Paul Kurczaba (Jan 06)
  - RE: Penetration Testing a CheckPoint NG FW on Nokia rzaluski (Jan 06)
  - Re: Penetration Testing a CheckPoint NG FW on Nokia Andre Ludwig (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Sharma, Pankaj (Jan 06)
  - Re: Penetration Testing a CheckPoint NG FW on Nokia Frederic Charpentier (Jan 07)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 10)
  - Google Hacking and SiteDigger 2.0 Kartik Trivedi (Jan 11)