
Re: [FW1] How do you prevent the Firewal operating system from being identified?




FW management modules & control connections are all INTERNAL, so an EXTERNAL
port scan will not pick them up, as they won't be running on the external
interface.
It would be quite easy to fingerprint from the internal LAN, but then
again, if you're on the internal LAN, you probably know you've a Checkpoint
firewall anyway!


----- Original Message -----
From: Dave Ng Thiam Huat <[email protected]>
To: 'Tim Holman' <[email protected]>; Fernandes, Andy (ANDF)
<[email protected]>; <[email protected]>
Sent: 22 March 2001 09:59
Subject: RE: [FW1] How do you prevent the Firewal operating system from
being identified?


> I understand the rationale of hardening the OS (i.e. stripping all
> unnecessary services)
> I dunn think u will allow ppl to telnet to your FW fm the Internet..
> : <
>
> However, I'm not sure if the FW modules do open any port for
> the FW mgmt modules...If it does, simple fingerprinting (like nmap)
> should tell you it's a Checkpoint FW.
> Anyone like to clarify this point??
>
> Warmest Regards
> Thiam Huat
> Network Engineer
> Singapore Telecommunication
> Information System
> DID : 838 3052
>
>
> -----Original Message-----
> From: Tim Holman [mailto:[email protected]]
> Sent: Thursday, March 22, 2001 6:36 AM
> To: Fernandes, Andy (ANDF); [email protected]
> Subject: Re: [FW1] How do you prevent the Firewal operating system from
> being identified?
>
>
>
> Make sure Telnet, finger and SNMP are blocked from the Internet.  Also, if
> using security servers, modify the banners from within the FW GUI to hide
> the fact that you're running a Checkpoint firewall.  The defaults are
> probably well known amongst the hacking community.
> Telnet is the most common way of finding out what version the host is.
> The telnet banner can be stripped if necessary (eg modify inetd.conf under
> UNIX to start telnetd with a -h).
>
> ----- Original Message -----
> From: Fernandes, Andy (ANDF) <[email protected]>
> To: <[email protected]>
> Sent: 21 March 2001 20:40
> Subject: [FW1] How do you prevent the Firewal operating system from being
> identified?
>
>
> >
> > Hello all:
> >
> > I have been told that it is possible to identify a Checkpoint Firewall's
> > operating system type, build and version type from the outside by
> > examining banners and using various fingerprinting techniques. How can a
> > Checkpoint firewall be protected against this vulnerability?
> >
> > Andy
> >
> >
> >
> > ================================================================================
> >      To unsubscribe from this mailing list, please see the instructions at
> >                http://www.checkpoint.com/services/mailing.html
> > ================================================================================
>
>


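An added example, not part of the thread: a small Python audit of an inetd.conf for the advice quoted above (telnet and finger started by inetd, telnetd started without -h). The sample file, the tcpd wrapper paths and the function names are constructed for illustration; the meaning of -h is taken from the post and varies between telnetd implementations.

```python
"""Audit inetd.conf for the services and telnet banner discussed in the thread."""

# Constructed sample; not taken from any real host.
SAMPLE_INETD_CONF = """\
# <service> <socket> <proto> <wait> <user> <server> <args>
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd  in.ftpd -l
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd  in.telnetd
finger  stream  tcp  nowait  nobody  /usr/sbin/tcpd  in.fingerd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd  in.rshd
"""

# Services named in the thread that inetd commonly starts (SNMP usually runs standalone).
FLAGGED_SERVICES = {"telnet", "finger"}


def parse_inetd(text):
    """Yield (lineno, service, argv) for each enabled inetd.conf entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or commented-out (disabled) entry
        fields = line.split()
        if len(fields) < 6:
            continue  # malformed entry, nothing to audit
        # Some inetd variants allow "address:service"; keep only the service name.
        service = fields[0].rsplit(":", 1)[-1]
        # Layout: service socket proto wait user server [argv0 args...]
        yield lineno, service, fields[6:]


def audit(text):
    """Return (lineno, service, issue) tuples for flagged, enabled services."""
    findings = []
    for lineno, service, argv in parse_inetd(text):
        if service not in FLAGGED_SERVICES:
            continue
        findings.append((lineno, service, "enabled"))
        # Assumption from the post: -h makes telnetd omit its host banner.
        if service == "telnet" and "-h" not in argv[1:]:
            findings.append((lineno, service, "banner not suppressed (-h missing)"))
    return findings


if __name__ == "__main__":
    for lineno, service, issue in audit(SAMPLE_INETD_CONF):
        print(f"line {lineno}: {service}: {issue}")
```

Only an exact -h argument is recognised; combined short options such as -hL would need extra handling.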