RE: How to discover FW-1 management module or GUI?

From: DABDELMOat_private
Date: Mon Sep 17 2001 - 02:03:57 PDT

    When I talked about the port 257, I did not say it was the GUI->MC port
    number ;)
    Indeed port 257 is the port used by the management console to communicate
    with the firewall modules.
    
    David
    
    > -----Original Message-----
    > From:	Michael Batchelder [SMTP:piranhabrosat_private]
    > Date:	Friday, 14 September 2001 01:53
    > To:	Alex Butcher; Carmelo Floridia
    > Cc:	pen-testat_private
    > Subject:	Re: How to discover FW-1 management module or GUI?
    > 
    > 
    > --- Alex Butcher <alexat_private> wrote:
    > >
    > > Carmelo Floridia wrote:
    > > > How can I discover in a LAN the management module
    > > > or the PC that runs FW-1 GUI?
    > > 
    > > You won't be able to discover the host running the
    > > GUI other than by sniffing the network and finding a
    > > host that's communicating with the 
    > > management module. IIRC, the protocol used is
    > > 258/tcp.
    > 
    > I've seen a couple incorrect postings to the list of
    > the GUI->MC port number.  Port 258 TCP is the
    > traditional port that the MC listens on for GUI
    > connections.  Keep in mind that some deviant types
    > (myself included) tunnel the GUI over SSH w/port
    > forwarding, just to make life on the hackers harder,
    > and provide an additional layer of auth.
    > 
    > You might be able to infer which hosts run the GUI in
    > a LAN w/o snooping by firewalking any firewall between
    > the GUI and the MC.  Ideally, MC's are behind
    > firewalls themselves, not sitting around on the LAN. 
    > Ideally...
    > 
    > As far as discovering the MC, it typically listens for
    > multiple things besides the GUI client connection. 
    > For example, it listens for connections from VPN
    > clients for topology downloads, IKE, cert stuff,
    > etc...  There's a whole range of ports from > 256 up
    > thru 264, plus 900 and some others, OTTOMH.  If you
    > see a machine that fits this profile, you got a MC. 
    > Check www.phoneboy.com for the definitive list.
    > 
    > Binky
    > 
    > --------------------------------------------------------------------------
    > --
    > This list is provided by the SecurityFocus Security Intelligence Alert
    > (SIA)
    > Service. For more information on SecurityFocus' SIA service which
    > automatically alerts you to the latest security vulnerabilities please
    > see:
    > https://alerts.securityfocus.com/
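
An added example, not part of the original thread or any poster's code: a Python check a defender could run over flow records to see which hosts match the management-console port profile described above and whether any host outside an approved list reached 258/tcp. The flow-record format, addresses, `min_ports` threshold and approved-host list are constructed assumptions; the port numbers are the ones named in the thread.

```python
from collections import defaultdict

# Ports named in the thread: 256 through 264 plus 900 (the thread notes
# there are "some others", so this set is not complete).
FW1_MGMT_PORTS = set(range(256, 265)) | {900}
GUI_PORT = 258  # GUI -> MC, per the thread

# Constructed sample flow records, one per line: "src dst proto dport"
SAMPLE_FLOWS = """\
10.0.5.20 10.0.1.10 tcp 258
10.0.5.20 10.0.1.10 tcp 258
10.0.9.77 10.0.1.10 tcp 258
10.0.1.10 10.0.2.1 tcp 257
10.0.8.3 10.0.1.10 tcp 264
10.0.8.3 10.0.1.10 tcp 256
10.0.5.20 10.0.3.3 tcp 443
10.0.7.7 10.0.4.4 tcp 900
"""

def parse_flows(text):
    """Yield (src, dst, proto, dport) tuples, skipping malformed lines."""
    for line in text.splitlines():
        parts = line.split()
        if len(parts) != 4 or not parts[3].isdigit():
            continue
        yield parts[0], parts[1], parts[2].lower(), int(parts[3])

def audit(flows, approved_gui_hosts, min_ports=3):
    """Return (mc_candidates, unapproved).

    mc_candidates: hosts contacted on at least min_ports distinct
    FW-1 management ports (min_ports is an assumed threshold).
    unapproved: MC -> sorted sources that reached 258/tcp on that MC
    and are not in approved_gui_hosts.
    """
    ports_seen = defaultdict(set)   # dst -> distinct management ports contacted
    gui_clients = defaultdict(set)  # dst -> sources that connected to 258/tcp
    for src, dst, proto, dport in flows:
        if dport not in FW1_MGMT_PORTS:
            continue
        ports_seen[dst].add(dport)
        if proto == "tcp" and dport == GUI_PORT:
            gui_clients[dst].add(src)
    mcs = {host for host, ports in ports_seen.items() if len(ports) >= min_ports}
    unapproved = {}
    for mc in mcs:
        extra = gui_clients[mc] - set(approved_gui_hosts)
        if extra:
            unapproved[mc] = sorted(extra)
    return mcs, unapproved
```

A GUI session tunnelled over SSH port forwarding, as mentioned in the thread, will not show up as a 258/tcp flow from the administrator's host, so an empty result here does not prove that no other GUI clients exist.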
    
    



    This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:13:28 PDT