Penetration Testing mailing list archives
RE: How to discover FW-1 management module or GUI?
From: DABDELMO () bouyguestelecom fr
Date: Mon, 17 Sep 2001 11:03:57 +0200
When I talked about the port 257, I did not say it was the GUI->MC port number ;) Indeed port 257 is the port used by the management console to communicate with the firewall modules. David
-----Message d'origine----- De: Michael Batchelder [SMTP:piranhabros () yahoo com] Date: vendredi 14 septembre 2001 01:53 À: Alex Butcher; Carmelo Floridia Cc: pen-test () securityfocus com Objet: Re: How to discover FW-1 management module or GUI? --- Alex Butcher <alex () s3 integralis co uk> wrote:Carmelo Floridia wrote:How can i discover in a LAN the management module or the PC that run FW-1 GUI?You won't be able to discover the host running the GUI other than by sniffing the network and finding a host that's communicating with the management module. IIRC, the protocol used is 258/tcp.I've seen a couple incorrect postings to the list of the GUI->MC port number. Port 258 TCP is the traditional port that the MC listens on for GUI connections. Keep in mind that some deviant types (myself included) tunnel the GUI over SSH w/port forwarding, just to make life on the hackers harder, and provide an additional layer of auth. You might be able to infer which hosts run the GUI in a LAN w/o snooping by firewalking any firewall between the GUI and the MC. Ideally, MC's are behind firewalls themselves, not sitting around on the LAN. Ideally... As far as discovering the MC, it typically listens for multiple things besides the GUI client connection. For example, it listens for connections from VPN clients for topology downloads, IKE, cert stuff, etc... There's a whole range of ports from > 256 up thru 264, plus 900 and some others, OTTOMH. If you see a machine that fits this profile, you got a MC. Check www.phoneboy.com for the definitive list. Binky __________________________________________________ Terrorist Attacks on U.S. - How can you help? Donate cash, emergency relief information http://dailynews.yahoo.com/fc/US/Emergency_Information/ -------------------------------------------------------------------------- -- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- RE: How to discover FW-1 management module or GUI? DABDELMO (Sep 13)
- <Possible follow-ups>
- RE: How to discover FW-1 management module or GUI? DABDELMO (Sep 17)
- RE: How to discover FW-1 management module or GUI? Ricci @ ismart (Sep 18)