Penetration Testing mailing list archives
RE: Penetration Testing a CheckPoint NG FW on Nokia
From: "rzaluski" <rzaluski () ivolution ca>
Date: Thu, 6 Jan 2005 13:23:51 -0500
I have found the following 18262 /tcp CP_Exnet_PK -Check Point Extranet public key advertisement 18263 /tcp CP_Exnet_resolve -Check Point Extranet remote objects resolution Richard Zaluski CISO, Security and Infrastructure Services iVolution Technologies Incorporated 905.309.1911 866.601.4678 905.524.8450 (Pager) www.ivolution.ca rzaluski () ivolution ca Key fingerprint = DB39 7FC3 1F5D AD94 85DD 78B0 774D ======================================================================= CONFIDENTIALITY NOTICE: This email message, including any attachments, is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If you are not the intended recipient, please contact the sender. Any unauthorized review, use, disclosure, or distribution is prohibited. ======================================================================= -----Original Message----- From: Paul Kurczaba [mailto:seclists () securinews com] Sent: Thursday, January 06, 2005 12:02 PM To: cisspstudy () yahoo com; pen-test () securityfocus com Subject: RE: Penetration Testing a CheckPoint NG FW on Nokia I know that 264/tcp is used by securemote to get the site information, and that 500/udp is for IPSec. Does anybody know what 18262/tcp and 18264/tcp is used for? It seems questionable... -Paul -----Original Message----- From: "Jason binger"<cisspstudy () yahoo com> Sent: 1/5/05 5:34:39 PM To: "pen-test () securityfocus com"<pen-test () securityfocus com> Subject: Penetration Testing a CheckPoint NG FW on Nokia I was recently performing a penetration test against a CheckPoint FW running on Nokia and received the following results from a port scan against the host: Interesting ports on XYZ: (The 65531 ports scanned but not shown below are in state: filtered) PORT STATE SERVICE VERSION 264/tcp open fw1-secureremote Checkpoint Firewall1 SecureRemote 500/tcp closed isakmp 18262/tcp closed unknown 18264/tcp open unknown When telnetting to TCP 18264 I received: HTTP/1.0 400 Bad Request Date: Wed, 05 Jan 2005 21:57:57 GMT Server: Check Point SVN foundation Content-Type: text/html Connection: close Content-Length: 200 Opening a browser to TCP 18264 gave an "Internal Server Error". Are there any tools that allow me to brute-force a username and password through the SecuRemote port to gain unauthorised access via VPN? I found this link for bruteforcing usernames on CheckPoint - http://www.securiteam.com/securitynews/5TP040U8AW.html but could not find the supporting tools. Does anyone have this set of tools? and other password bruteforcing tools? Are there any security implications of allowing access to TCP 18262 and TCP 18264 ports? What will break if these ports are closed? Does anyone have a list of other tests that should be performed against a CheckPoint FW? Cheers, __________________________________ Do you Yahoo!? All your favorites on one personal page - Try My Yahoo! http://my.yahoo.com
Attachment:
rzaluski@ivolution.ca (rzaluski@ivolution.ca).vcf
Description:
Current thread:
- Penetration Testing a CheckPoint NG FW on Nokia Jason binger (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Seth Jackson (Jan 06)
- <Possible follow-ups>
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Eliot Mansfield (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Paul Kurczaba (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia rzaluski (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Andre Ludwig (Jan 06)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Sharma, Pankaj (Jan 06)
- Re: Penetration Testing a CheckPoint NG FW on Nokia Frederic Charpentier (Jan 07)
- RE: Penetration Testing a CheckPoint NG FW on Nokia Dieter Sarrazyn (Jan 10)
- Google Hacking and SiteDigger 2.0 Kartik Trivedi (Jan 11)