Re: Penetration Testing a CheckPoint NG FW on Nokia

From: Andre Ludwig (andre.ludwig@gmail.com)
Date: Thu Jan 06 2005 - 12:38:06 EST

• Next message: Sharma, Pankaj: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Previous message: Seth Jackson: "Re: Penetration Testing a CheckPoint NG FW on Nokia"
• In reply to: Paul Kurczaba: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Next in thread: rzaluski: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

http://www.fw-1.de/aerasec/ng/ports-ng.html

Andre ludwig

On Thu, 6 Jan 2005 12:01:33 -0500, Paul Kurczaba
<seclists@securinews.com> wrote:
> I know that 264/tcp is used by securemote to get the site information, and that 500/udp is for IPSec. Does anybody know what 18262/tcp and 18264/tcp is used for? It seems questionable...
>
> -Paul
> -----Original Message-----
> From: "Jason binger"<cisspstudy@yahoo.com>
> Sent: 1/5/05 5:34:39 PM
> To: "pen-test@securityfocus.com"<pen-test@securityfocus.com>
> Subject: Penetration Testing a CheckPoint NG FW on Nokia
> I was recently performing a penetration test against a
> CheckPoint FW running on Nokia and received the
> following results from a port scan against the host:
>
> Interesting ports on XYZ:
> (The 65531 ports scanned but not shown below are in
> state: filtered)
> PORT STATE SERVICE VERSION
> 264/tcp open fw1-secureremote Checkpoint Firewall1
> SecureRemote
> 500/tcp closed isakmp
> 18262/tcp closed unknown
> 18264/tcp open unknown
>
> When telnetting to TCP 18264 I received:
>
> HTTP/1.0 400 Bad Request
> Date: Wed, 05 Jan 2005 21:57:57 GMT
> Server: Check Point SVN foundation
> Content-Type: text/html
> Connection: close
> Content-Length: 200
>
> Opening a browser to TCP 18264 gave an "Internal
> Server Error".
>
> Are there any tools that allow me to brute-force a
> username and password through the SecuRemote port to
> gain unauthorised access via VPN?
>
> I found this link for bruteforcing usernames on
> CheckPoint -
> http://www.securiteam.com/securitynews/5TP040U8AW.html
> but could not find the supporting tools. Does anyone
> have this set of tools? and other password
> bruteforcing tools?
>
> Are there any security implications of allowing access
> to TCP 18262 and TCP 18264 ports? What will break if
> these ports are closed?
>
> Does anyone have a list of other tests that should be
> performed against a CheckPoint FW?
>
> Cheers,
>
> __________________________________
> Do you Yahoo!?
> All your favorites on one personal page – Try My Yahoo!
> http://my.yahoo.com
>
>

• Next message: Sharma, Pankaj: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Previous message: Seth Jackson: "Re: Penetration Testing a CheckPoint NG FW on Nokia"
• In reply to: Paul Kurczaba: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Next in thread: rzaluski: "RE: Penetration Testing a CheckPoint NG FW on Nokia"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT