This release register firewall-1 service into KB. -- Christophe BRIGUET (Technical Manager) <cbriguetat_private> GPG KeyID: 2DF3E1E8 Public Key : http://www.exaprobe.org/cbriguet.asc Key fingerprint: 61D7 EF8F 704F 3D62 018A ECBF 6F9A 28BE 2DF3 E1E8 # This script was written by Christophe BRIGUET <cbriguetat_private> # (rd: description re-phrased) # # Body of a script # if(description) { script_id(NeedToBeDefine); script_version ("$Revision: 0.2 $"); script_name(english:"CheckPoint Firewall-1 authenticated Telnet server"); script_description(english:" A Firewall-1 authenticated Telnet server is running on this port. Communication between the firewall and the user is cleartext, so password is not encrypted and credential can be sniffed over the wire. Solution : FireWall-1 4.1 SP1 and later support using Session Authentication over SSL. This requires the use of the Session Authentication Client version 4.1 or later. In FireWall-1 NG FP1 and above, you can require Session Authentication to be encrypted with SSL by checking the 'Accept only of connection is encrypted' option in the Session Authentication Action Properties for the rule. Risk factor : Low"); script_summary(english:"The remote CheckPoint Firewall-1 can be accessed via a telnet interface"); script_category(ACT_GATHER_INFO); script_family(english:"Firewalls"); script_copyright(english:"This script is Copyright (C) 2003 ExaProbe"); script_dependencies("find_service.nes"); script_require_ports(1034); exit(0); } # # Actual script starts here # include("telnet_func.inc"); port = 1034; if(get_port_state(port)) { data = get_telnet_banner(port: port); if(data) { if("Check Point FireWall-1 authenticated Telnet server running on" >< data) security_warning(port); register_service(port:port, proto:"firewall-1 auth"); } }
This archive was generated by hypermail 2b30 : Fri Apr 11 2003 - 06:39:16 PDT