Plugin for tcp/1034 authentication port in Checkpoint Fw-1

From: Christophe BRIGUET (cbriguetat_private)
Date: Fri Apr 11 2003 - 06:14:52 PDT

  • Next message: Christophe BRIGUET: "Re: Plugin for tcp/1034 authentication port in Checkpoint Fw-1"

    Hi Plugin Writers, I write a plugin to check the tcp/1034 authentication
    port include in Checkpoint FW-1 (see attachment). Which ID can I use ?
    
    Thanks,
    
    -- 
    Christophe BRIGUET (Technical Manager) <cbriguetat_private>
    GPG KeyID: 2DF3E1E8 Public Key : http://www.exaprobe.org/cbriguet.asc
    Key fingerprint: 61D7 EF8F 704F 3D62 018A  ECBF 6F9A 28BE 2DF3 E1E8
    
    
    # This script was written by Christophe BRIGUET <cbriguetat_private>
    
    
    # (rd: description re-phrased)
    
    
    #
    # Body of a script
    #
    if(description)
    {
     script_id(NeedToBeDefine);
     script_version ("$Revision: 0.1 $");
     script_name(english:"CheckPoint Firewall-1 authenticated Telnet server");
     script_description(english:"
    A Firewall-1 authenticated Telnet server is running on this port.
    
    Communication between the firewall and the user is cleartext, so password is not encrypted and credential can be sniffed over the wire.
    
    Solution :
    
    FireWall-1 4.1 SP1 and later support using Session Authentication over SSL. This requires the use of the Session Authentication Client version 4.1 or later. In
    FireWall-1 NG FP1 and above, you can require Session Authentication to be encrypted with SSL by checking the 'Accept only of connection is encrypted' option in
    the Session Authentication Action Properties for the rule.
    Risk factor : Low");
    
     script_summary(english:"The remote CheckPoint Firewall-1 can be accessed via a
    telnet interface");
     script_category(ACT_GATHER_INFO);
     script_family(english:"Firewalls");
     script_copyright(english:"This script is Copyright (C) 2003 ExaProbe");
     script_dependencies("find_service.nes");
     script_require_ports(1034);
     exit(0);
    }
    
    #
    # Actual script starts here
    #
    include("telnet_func.inc");
    
    port = 1034;
    if(get_port_state(port))
    {
     data = get_telnet_banner(port: port);
     if(data)
     {
      if("Check Point FireWall-1 authenticated Telnet server running on" >< data)
            security_warning(port);
     }
    }
    



    This archive was generated by hypermail 2b30 : Fri Apr 11 2003 - 06:15:55 PDT