RE: How to discover FW-1 management module or GUI?

[DABDELMO () bouyguestelecom fr]

When I talked about the port 257, I did not say it was the GUI->MC port
number ;)
Indeed port 257 is the port used by the management console to communicate
with the firewall modules.

David

> -----Message d'origine-----
> De:   Michael Batchelder [SMTP:piranhabros () yahoo com]
> Date: vendredi 14 septembre 2001 01:53
> À:    Alex Butcher; Carmelo Floridia
> Cc:   pen-test () securityfocus com
> Objet:        Re: How to discover FW-1 management module or GUI?
>
>
> --- Alex Butcher <alex () s3 integralis co uk> wrote:
> > Carmelo Floridia wrote:
> > > How can i discover in a LAN the management module
> > > or the PC that run FW-1 GUI?
> >
> > You won't be able to discover the host running the
> > GUI other than by sniffing the network and finding a
> > host that's communicating with the 
> > management module. IIRC, the protocol used is
> > 258/tcp.
>
> I've seen a couple incorrect postings to the list of
> the GUI->MC port number.  Port 258 TCP is the
> traditional port that the MC listens on for GUI
> connections.  Keep in mind that some deviant types
> (myself included) tunnel the GUI over SSH w/port
> forwarding, just to make life on the hackers harder,
> and provide an additional layer of auth.
>
> You might be able to infer which hosts run the GUI in
> a LAN w/o snooping by firewalking any firewall between
> the GUI and the MC.  Ideally, MC's are behind
> firewalls themselves, not sitting around on the LAN. 
> Ideally...
>
> As far as discovering the MC, it typically listens for
> multiple things besides the GUI client connection. 
> For example, it listens for connections from VPN
> clients for topology downloads, IKE, cert stuff,
> etc...  There's a whole range of ports from > 256 up
> thru 264, plus 900 and some others, OTTOMH.  If you
> see a machine that fits this profile, you got a MC. 
> Check www.phoneboy.com for the definitive list.
>
> Binky
>
> __________________________________________________
> Terrorist Attacks on U.S. - How can you help?
> Donate cash, emergency relief information
> http://dailynews.yahoo.com/fc/US/Emergency_Information/
>
> --------------------------------------------------------------------------
> --
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/