
Re: [FW-1] security hole isakmp



If you have enabled the VPN or IPSec function in the firewall, I think
Nessus had generated a false alert.

Because as far as I know, IPSec is using port 500/UDP for tunneling.


----- Original Message -----
From: "Jochen Vogel" <[email protected]>
To: <[email protected]>
Sent: Thursday, May 02, 2002 5:44 PM
Subject: [FW-1] security hole isakmp


> hi,
>
> i scanned the firewall with nessus and get the following result
>
> . List of open ports :
>    o isakmp (500/udp) (Security hole found)
>
>  . Vulnerability found on port isakmp (500/udp) :
>
>
>     The remote IPSEC server seems to have a problem negotiating
>     bogus IKE requests.
>
>     An attacker may use this flaw to disable your VPN remotely
>
>     Solution: Contact your vendor for a patch
>     Risk factor:
>      High
>
> if i view the firewall log i saw that the connection to udp/500 was rejected
>
> if i make a tcpdump i saw that the port was unreachable
> 12:37:48.056664 scanner.1500 > firewall: udp 0
> 12:37:48.056684 firewall > scanner: icmp: 213.61.74.2 udp port 500 unreachable
>
> -does anybody know why nessus find the hole?
> -is there a workaround for this problem?
>
> thx for help
> Jo
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
>
>
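
One way to check a capture for the evidence quoted above, as an added example that is not part of either message: it pairs each UDP probe to port 500 with an ICMP port-unreachable reply from the target. The sample lines are constructed in the old tcpdump text format shown in the post, with an explicit destination port added as an assumption, and `classify_probes` is a hypothetical helper name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample in the old tcpdump text format quoted in the post.
# Assumption: the probe lines carry an explicit destination port (".500").
SAMPLE = """\
12:37:48.056664 scanner.1500 > firewall.500: udp 0
12:37:48.056684 firewall > scanner: icmp: 213.61.74.2 udp port 500 unreachable
12:37:49.101200 scanner.1501 > firewall.500: udp 84
12:37:52.000000 scanner.1502 > firewall.22: udp 0
"""

PROBE = re.compile(r"^(\S+) (\S+)\.(\d+) > (\S+)\.(\d+): udp \d+")
UNREACH = re.compile(r"^(\S+) (\S+) > (\S+): icmp: \S+ udp port (\d+) unreachable")


def _ts(text):
    return datetime.strptime(text, "%H:%M:%S.%f")


def classify_probes(capture, port=500, window=timedelta(seconds=1)):
    """Pair each UDP probe to `port` with an ICMP port-unreachable reply.

    Returns (timestamp, verdict) per probe: "rejected" when the target sent
    the ICMP error within `window`, "no-icmp-error" otherwise (a listener
    took the packet or it was dropped silently; this check cannot tell which).
    """
    probes, replies = [], []
    for line in capture.splitlines():
        m = PROBE.match(line)
        if m and int(m.group(5)) == port:
            probes.append((m.group(1), m.group(2), m.group(4)))
            continue
        m = UNREACH.match(line)
        if m and int(m.group(4)) == port:
            replies.append((_ts(m.group(1)), m.group(2), m.group(3)))
    results = []
    for stamp, src, dst in probes:
        sent = _ts(stamp)
        # The reply must travel target -> prober and follow the probe closely.
        hit = next((r for r in replies if r[1] == dst and r[2] == src
                    and timedelta(0) <= r[0] - sent <= window), None)
        if hit:
            replies.remove(hit)  # one ICMP error accounts for one probe
        results.append((stamp, "rejected" if hit else "no-icmp-error"))
    return results


if __name__ == "__main__":
    for stamp, verdict in classify_probes(SAMPLE):
        print(stamp, verdict)
```

Probes marked "no-icmp-error" are the ones worth following up against the firewall log, since the capture alone does not show how they were handled.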

   All contents © 2004 Network Presence, LLC. All rights reserved.