From: Sharma, Pankaj (psharma@panynj.gov)
Date: Thu Jan 06 2005 - 13:36:32 EST
18262 /tcp CP_Exnet_PK Check Point Extrnet public key advertisement
- Protocol for exchange of public keys when configuring Extranet
no more supported since NG AI R55
18263 /tcp CP_Exnet_resolve Check Point Extranet remote objects resolution
- Protocol for importing exported objects from partner in Extranet
no more supported since NG AI R55
18264 /tcp FW1_ica_services Check Point Internal CA Fetch CRL and User Registration Services
- Protocol for Certificate Revocation Lists and registering users when using the Policy Server
- needed when e.g. FWM is starting
-----Original Message-----
From: Paul Kurczaba [mailto:seclists@securinews.com]
Sent: Thursday, January 06, 2005 12:02 PM
To: cisspstudy@yahoo.com; pen-test@securityfocus.com
Subject: RE: Penetration Testing a CheckPoint NG FW on Nokia
I know that 264/tcp is used by securemote to get the site information, and that 500/udp is for IPSec. Does anybody know what 18262/tcp and 18264/tcp is used for? It seems questionable...
-Paul
-----Original Message-----
From: "Jason binger"<cisspstudy@yahoo.com>
Sent: 1/5/05 5:34:39 PM
To: "pen-test@securityfocus.com"<pen-test@securityfocus.com>
Subject: Penetration Testing a CheckPoint NG FW on Nokia
I was recently performing a penetration test against a
CheckPoint FW running on Nokia and received the
following results from a port scan against the host:
Interesting ports on XYZ:
(The 65531 ports scanned but not shown below are in
state: filtered)
PORT STATE SERVICE VERSION
264/tcp open fw1-secureremote Checkpoint Firewall1
SecureRemote
500/tcp closed isakmp
18262/tcp closed unknown
18264/tcp open unknown
When telnetting to TCP 18264 I received:
HTTP/1.0 400 Bad Request
Date: Wed, 05 Jan 2005 21:57:57 GMT
Server: Check Point SVN foundation
Content-Type: text/html
Connection: close
Content-Length: 200
Opening a browser to TCP 18264 gave an "Internal
Server Error".
Are there any tools that allow me to brute-force a
username and password through the SecuRemote port to
gain unauthorised access via VPN?
I found this link for bruteforcing usernames on
CheckPoint -
http://www.securiteam.com/securitynews/5TP040U8AW.html
but could not find the supporting tools. Does anyone
have this set of tools? and other password
bruteforcing tools?
Are there any security implications of allowing access
to TCP 18262 and TCP 18264 ports? What will break if
these ports are closed?
Does anyone have a list of other tests that should be
performed against a CheckPoint FW?
Cheers,
__________________________________
Do you Yahoo!?
All your favorites on one personal page - Try My Yahoo!
http://my.yahoo.com
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:54:12 EDT