[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] How do you prevent the Firewal operating system from be ing identified?
Block ports 256 - 258. These are the ports fw-1 advertises on. Probably better off blocking them at your boundary router. -----Original Message----- From: Tim Holman [mailto:[email protected]] Sent: 21 March 2001 22:36 To: Fernandes, Andy (ANDF); [email protected] Subject: Re: [FW1] How do you prevent the Firewal operating system from being identified? Make sure Telnet, finger and SNMP are blocked from the Internet. Also, if using security servers, modify the banenrs from within the FW GUI to hide the fact that you're running a Checkpoint firewall. The defaults are probably well known amongst the hacking community. Telnet is the most common way of finding out what version the host is. The telnet banner can be stripped if necessary (eg modify inetd.conf under UNIX to start telnetd with a -h). ----- Original Message ----- From: Fernandes, Andy (ANDF) <[email protected]> To: <[email protected]> Sent: 21 March 2001 20:40 Subject: [FW1] How do you prevent the Firewal operating system from being identified? > > Hello all: > > I have been told that it is possible to identify a Checkpoint Firewall's > operating system type, build and version type from the outside by examining > banners and using various fingerprinting techniques. How can a Checkpoint > firewall be protected against this vulnerability? > > Andy > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ********************************************************************** Privileged/Confidential Information may be contained in this message. If you are not the addressee indicated in this message (or responsible for delivery of the message to such person), you may not copy or deliver this message to anyone. In such case, you should destroy this message and kindly notify the sender by reply email. Please advise immediately if you or your employer do not consent to Internet email for messages of this kind. Opinions, conclusions and other information in this message that do not relate to the official business of Marrakech and shall be understood as neither given nor endorsed by it. ********************************************************************** ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|