[FW-1] AW: [FW-1] AW: [FW-1] NG: ftp reject: reason tried to open tcp service port, port XYZ
Well, in 4.1 you can simply change the appropriate lines of the server port check to

    // ports which are dangerous to connect to
    define NOTSERVER_TCP_PORT(p) {
    (not
    ( p < 1024, set sr10 RCODE_SMALL_PORT, set sr11 0, set sr12 p, set sr1 0, log bad_conn)
    ) };

and you will get the effect. This is well known and already distributed to some knowledge bases (CP, Nokia) and FAQs (Phoneboy).

-----Original Message-----
From: Torkel Mathisen [mailto:[email protected]]
Sent: Tuesday, 14 May 2002 09:27
To: [email protected]
Subject: Re: [FW-1] AW: [FW-1] NG: ftp reject: reason tried to open tcp service port, port XYZ

Hi

How do you fix this problem in 4.1? Same way?

Regards,
Torkel

> -----Original Message-----
> From: Schaar, Norbert [mailto:[email protected]]
> Sent: 13 May 2002 18:16
> To: [email protected]
> Subject: [FW-1] AW: [FW-1] NG: ftp reject: reason tried to open tcp service port, port XYZ
>
> Of course, there is a way to change this behaviour even under NG but
> it will disable the port check functionality of all ftp data
> connections, don't know if this is really what you want. However,
> Check Point is suggesting not to do base.def changes in NG anymore
> but to call the technical Service instead. This should be the path
> to go, I think and, therefore, you didn't find any hint.
> Well, the way FW-1 does this "dangerous port check" was seriously
> changed with NG FP2. The appropriate function definitions consist of
> new kernel function calls and when you change the wrong part, you
> will lose ALL ftp data connectivity...
> If you are not afraid of that, go to the FTP macro definition part in
> base.def, find the NOTSERVER_TCP_PORT function (should be there two
> times) and replace the segment register there with a port number of
> your choice that will never be used as a service. This will do the
> trick but, again, I would stay away from that for support and
> security reasons.
>
> -----Original Message-----
> From: egonle [mailto:[email protected]]
> Sent: Monday, 13 May 2002 09:14
> To: [email protected]
> Subject: [FW-1] NG: ftp reject: reason tried to open tcp service port, port XYZ
>
> Hi,
>
> after upgrading our NG management server, v4.1SP5 modules reject
> different ftp sessions with the following info message:
> reason: tried to open tcp service port, port XYZ
>
> There's a secureknowledge document regarding this issue for the v4.1
> management server however I didn't find any hint how to change this
> behaviour for NG. Anyone else?
>
> Regards,
> Egonle.
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================
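Added example (not part of the thread and not Check Point's code): a Python model of the FTP data-port check discussed above, run over constructed PORT/227 lines, to show which data ports stop being rejected once only the `p < 1024` test remains, as in the edited 4.1 macro. The service set, the function names and the sample lines are assumptions; the "defined service" test is inferred from the log message quoted in the thread.

```python
import re

# Constructed stand-in for the policy's defined TCP services (assumption).
DEFINED_TCP_SERVICES = {21, 23, 25, 80, 443, 1521, 3306, 6000}

# h1,h2,h3,h4,p1,p2 as carried by PORT commands and 227 (PASV) replies.
_HOSTPORT = re.compile(r"(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})")

def data_port(line):
    """Return the data port announced on the control channel, else None."""
    if line.split(" ", 1)[0].upper() not in ("PORT", "227"):
        return None
    m = _HOSTPORT.search(line)
    if not m:
        return None
    nums = [int(x) for x in m.groups()]
    if any(n > 255 for n in nums):
        return None  # malformed octet, never open a pinhole for it
    return nums[4] * 256 + nums[5]

def verdict(port, check_services=True):
    """check_services=False models the edited macro (only p < 1024 left)."""
    if port is None:
        return "no-data-port"
    if port < 1024:
        return "reject: RCODE_SMALL_PORT"
    if check_services and port in DEFINED_TCP_SERVICES:
        return "reject: tried to open tcp service port"
    return "accept"

# Constructed control-channel lines, not captured traffic.
SAMPLE = [
    "PORT 10,0,0,5,4,1",                            # 4*256+1    = 1025
    "227 Entering Passive Mode (10,0,0,9,5,241)",   # 5*256+241  = 1521
    "PORT 10,0,0,5,0,25",                           # 0*256+25   = 25
    "227 Entering Passive Mode (10,0,0,9,195,80)",  # 195*256+80 = 50000
]

def compare(lines):
    """Return (port, full-check verdict, edited-macro verdict) per line."""
    return [(p, verdict(p), verdict(p, check_services=False))
            for p in map(data_port, lines)]

if __name__ == "__main__":
    for row in compare(SAMPLE):
        print(row)
```

Rows whose two verdicts differ are the data connections the edit newly lets through; reviewing that list against the services actually exposed behind the firewall is the check to do before changing base.def.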