When I talked about the port 257, I did not say it was the GUI->MC port number ;)
Indeed port 257 is the port used by the management console to communicate with the firewall modules.

David

> -----Original Message-----
> From: Michael Batchelder [SMTP:piranhabrosat_private]
> Date: Friday, 14 September 2001 01:53
> To: Alex Butcher; Carmelo Floridia
> Cc: pen-testat_private
> Subject: Re: How to discover FW-1 management module or GUI?
>
> --- Alex Butcher <alexat_private> wrote:
> >
> > Carmelo Floridia wrote:
> > > How can I discover in a LAN the management module
> > > or the PC that runs FW-1 GUI?
> >
> > You won't be able to discover the host running the
> > GUI other than by sniffing the network and finding a
> > host that's communicating with the
> > management module. IIRC, the protocol used is
> > 258/tcp.
>
> I've seen a couple incorrect postings to the list of
> the GUI->MC port number. Port 258 TCP is the
> traditional port that the MC listens on for GUI
> connections. Keep in mind that some deviant types
> (myself included) tunnel the GUI over SSH w/port
> forwarding, just to make life on the hackers harder,
> and provide an additional layer of auth.
>
> You might be able to infer which hosts run the GUI in
> a LAN w/o snooping by firewalking any firewall between
> the GUI and the MC. Ideally, MC's are behind
> firewalls themselves, not sitting around on the LAN.
> Ideally...
>
> As far as discovering the MC, it typically listens for
> multiple things besides the GUI client connection.
> For example, it listens for connections from VPN
> clients for topology downloads, IKE, cert stuff,
> etc... There's a whole range of ports from 256 up
> thru 264, plus 900 and some others, OTTOMH. If you
> see a machine that fits this profile, you got a MC.
> Check www.phoneboy.com for the definitive list.
>
> Binky
>
> ----------------------------------------------------------------------------
> This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please see:
> https://alerts.securityfocus.com/
This archive was generated by hypermail 2b30 : Mon Sep 17 2001 - 11:13:28 PDT