
Re: [FW1] How do you prevent the Firewall operating system from being identified?



Make sure SNMP management port 257 is blocked, preferably at your border router.
If ports 256-259 are open, this usually means the FW is Checkpoint.
If you want to be ultra-paranoid, log all connections to these ports.
I suppose you can go on and on, but what's the real issue should someone find out you're using Checkpoint?
They've got over 50% of market share, so even if they can't scan your ports, they've a 1 in 2 chance of knowing it's a Checkpoint firewall!
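Following the "log all connections to these ports" advice above, here is a small log-review script, added as an example and not part of the original post. It assumes a constructed key/value ACL-log format (action, src, dst, dport) from a border router, treats RFC 1918 space as internal, and groups every external source that touched the FW-1 ports named in this thread (256-259, plus 264 from the SecuRemote reply further down) so the permitted hits and the multi-port sweeps stand out. The log lines, addresses and format are all invented for the example.

```python
import re
from collections import defaultdict
from ipaddress import ip_address, ip_network

# TCP ports the thread associates with FireWall-1 control/management traffic
# (256-259) plus 264, which the SecuRemote reply further down names.
FW1_PORTS = {256, 257, 258, 259, 264}

# Address ranges treated as "inside"; connections from anywhere else are external.
INTERNAL_NETS = [ip_network("10.0.0.0/8"),
                 ip_network("172.16.0.0/12"),
                 ip_network("192.168.0.0/16")]

# Constructed sample log lines for illustration (not from the original post).
# A simple key/value ACL-log format is assumed: action, src, dst, dport.
SAMPLE_LOG = """\
Mar 22 19:55:01 border-rtr acl: deny tcp src=203.0.113.45 dst=198.51.100.2 dport=257
Mar 22 19:55:03 border-rtr acl: permit tcp src=10.0.0.15 dst=198.51.100.2 dport=256
Mar 22 19:55:07 border-rtr acl: deny tcp src=203.0.113.45 dst=198.51.100.2 dport=258
Mar 22 19:55:08 border-rtr acl: deny tcp src=203.0.113.45 dst=198.51.100.2 dport=259
Mar 22 19:55:09 border-rtr acl: permit tcp src=203.0.113.45 dst=198.51.100.2 dport=264
Mar 22 19:55:12 border-rtr acl: permit tcp src=192.0.2.9 dst=198.51.100.2 dport=80
Mar 22 19:55:20 border-rtr acl: permit tcp src=203.0.113.45 dst=198.51.100.2 dport=256
"""

LINE_RE = re.compile(
    r"(?P<action>permit|deny) \S+ src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)"
)


def parse_line(line):
    """Return (action, src, dst, dport) or None for lines that do not match."""
    m = LINE_RE.search(line)
    if not m:
        return None
    return m["action"], m["src"], m["dst"], int(m["dport"])


def is_external(ip):
    """True when the address is outside the ranges we treat as internal."""
    return not any(ip_address(ip) in net for net in INTERNAL_NETS)


def fw1_port_hits(log_text, ports=FW1_PORTS):
    """Group FW-1 port touches by external source address.

    Returns {src: {"ports": [...], "permitted": [...]}} with sorted port lists;
    "permitted" lists the ports the device actually let through, which is the
    list to act on first.
    """
    hits = defaultdict(lambda: {"ports": set(), "permitted": set()})
    for line in log_text.splitlines():
        parsed = parse_line(line)
        if parsed is None:
            continue
        action, src, _dst, dport = parsed
        if dport not in ports or not is_external(src):
            continue
        hits[src]["ports"].add(dport)
        if action == "permit":
            hits[src]["permitted"].add(dport)
    return {src: {k: sorted(v) for k, v in rec.items()} for src, rec in hits.items()}


def probable_scanners(hits, min_ports=3):
    """Sources that touched at least min_ports distinct FW-1 ports look like a
    fingerprinting sweep rather than a stray connection."""
    return sorted(src for src, rec in hits.items() if len(rec["ports"]) >= min_ports)


if __name__ == "__main__":
    result = fw1_port_hits(SAMPLE_LOG)
    for src, rec in result.items():
        print(f"{src}: touched {rec['ports']}, permitted {rec['permitted']}")
    print("probable sweeps:", probable_scanners(result))
```

On the constructed sample, 203.0.113.45 walks all five ports and gets through on 256 and 264, which is exactly the pattern the thread says gives the firewall away; the internal host on 256 and the web hit on 80 are ignored. Point the parser at your own log format by changing LINE_RE.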
 
----- Original Message -----
Sent: 22 March 2001 19:55
Subject: RE: [FW1] How do you prevent the Firewall operating system from being identified?

Disable everything you have under your policy properties; then you will have no implied rules available by default.
From that point you can control your firewall 100%, based on source, destination and service, including your management traffic (256, 257, 258 and so on).
Simple as that.
 
Regards
-----Original Message-----
From: [email protected] [mailto:[email protected]]On Behalf Of iden fw
Sent: Thursday, March 22, 2001 7:24 AM
To: [email protected]; [email protected]; [email protected]
Subject: Re: [FW1] How do you prevent the Firewall operating system from being identified?

If you have SecuRemote users, I believe the answer is you can't prevent someone from finding out what OS the firewall is running on.  You will have to have 264/tcp and/or 256/tcp open to the world, unless you know the specific IP addresses of your SecuRemote users.  With those ports open to the world, someone can fingerprint the OS using those open ports.

The security servers may pose the same issue.

-idenfw
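To see from the outside whether the SecuRemote exposure described above actually applies, here is a small reachability probe, added as an example and not part of the original post. It attempts a plain TCP connect to each of the ports the thread names (256-259 and 264) and classifies the result: nothing reachable, only the SecuRemote-related ports (256/264) reachable, or the wider management set reachable. The port list, the classification labels and the 198.51.100.2 address are assumptions for the example; the connect function is injectable so the logic can be exercised without a live firewall.

```python
import socket
import sys

# Ports the thread associates with FW-1: 256-259 (control/management) and 264
# (the SecuRemote port named above). Assumed list, used only for this check.
FW1_PORTS = (256, 257, 258, 259, 264)
SECUREMOTE_PORTS = {256, 264}


def tcp_connect(host, port, timeout=2.0):
    """True if a TCP handshake to host:port completes, i.e. the port is reachable."""
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return True
    except OSError:
        return False


def probe_fw1_ports(host, connect=tcp_connect, ports=FW1_PORTS):
    """Map each FW-1 port to whether it answered from this vantage point.

    `connect` is injectable so the classification can be tested offline.
    """
    return {port: connect(host, port) for port in ports}


def assess(results):
    """Turn probe results into the exposure class the thread talks about.

    Returns (label, reachable_ports) where label is one of:
      "none"            - no FW-1 port answered
      "securemote-only" - only 256 and/or 264 answered (SecuRemote case)
      "management"      - other control/management ports answered too
    """
    reachable = sorted(p for p, ok in results.items() if ok)
    if not reachable:
        return "none", reachable
    if set(reachable) <= SECUREMOTE_PORTS:
        return "securemote-only", reachable
    return "management", reachable


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: probe_fw1.py <external-firewall-address>")
    target = sys.argv[1]
    label, ports = assess(probe_fw1_ports(target))
    print(f"{target}: {label} exposure, reachable ports {ports}")
```

Run it from a host outside the firewall: a "securemote-only" result is the case the message above describes, where restricting the rule to known client source addresses is the only way to close the gap; a "management" result means the control ports themselves are reachable and the rulebase needs attention before worrying about fingerprinting.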

>From: "Tim Holman"
>To: "Dave Ng Thiam Huat" , "Fernandes, Andy (ANDF)" ,
>Subject: Re: [FW1] How do you prevent the Firewall operating system from being identified?
>Date: Thu, 22 Mar 2001 12:22:07 -0000
>
>
>FW management modules & control connections are all INTERNAL, so an EXTERNAL
>port scan will not pick them up, as they won't be running on the external
>interface.
>It would be quite easy to fingerprint from the internal LAN, but then
>again, if you're on the internal LAN, you probably know you've a Checkpoint
>firewall anyway !

< Good stuff snipped > 

> >
> > ----- Original Message -----
> > From: Fernandes, Andy (ANDF)
> > To:
> > Sent: 21 March 2001 20:40
> > Subject: [FW1] How do you prevent the Firewall operating system from being identified?
> >
> >
> > >
> > > Hello all:
> > >
> > > I have been told that it is possible to identify a Checkpoint Firewall's
> > > operating system type, build and version type from the outside by
> > > examining banners and using various fingerprinting techniques. How can a
> > > Checkpoint firewall be protected against this vulnerability?
> > >
> > > Andy
> > >
> > >
> > >




 