Re: Firewall-1 Identification : port 257 (ie archive : 18701)

From: Mariusz Woloszyn (emsiat_private)
Date: Wed Apr 03 2002 - 06:32:14 PST

Next message: securityat_private: "Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability"

Previous message: Alun Jones: "Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1"
In reply to: Sacha Faust: "Firewall-1 Identification : port 257 (ie archive : 18701)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 2 Apr 2002, Sacha Faust wrote:

> I did some additional poking at the system and found out that if you connect
> to port 257 and you hit a few keys, the server will return fwa1 string.
>
Keep in mind that in every Checkpoint book they write that there should be
a "Stealth Rule", which block all traffic to firewall. It should be the
very first rule in rules table. It means that if you find computer with
256,257 and 258 ports open that implyes _lame_ installation (or you're on
host explicitly allowed to connect).

--
Mariusz Wołoszyn
Internet Security Specialist, Internet Partners

Next message: securityat_private: "Security Update: [CSSA-2002-014.0] Linux: rsync supplementary groups vulnerability"
Previous message: Alun Jones: "Re: DoS in debian (potato) proftpd: 1.2.0pre10-2.0potato1"
In reply to: Sacha Faust: "Firewall-1 Identification : port 257 (ie archive : 18701)"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Wed Apr 03 2002 - 22:07:41 PST