--- Alex Butcher <alex_at_s3.integralis.co.uk> wrote:
>
> Carmelo Floridia wrote:
> > How can i discover in a LAN the management module
> > or the PC that run FW-1 GUI?
>
> You won't be able to discover the host running the
> GUI other than by sniffing the network and finding a
> host that's communicating with the
> management module. IIRC, the protocol used is
> 258/tcp.
I've seen a couple incorrect postings to the list of
the GUI->MC port number. Port 258 TCP is the
traditional port that the MC listens on for GUI
connections. Keep in mind that some deviant types
(myself included) tunnel the GUI over SSH w/port
forwarding, just to make life on the hackers harder,
and provide an additional layer of auth.
You might be able to infer which hosts run the GUI in
a LAN w/o snooping by firewalking any firewall between
the GUI and the MC. Ideally, MC's are behind
firewalls themselves, not sitting around on the LAN.
Ideally...
As far as discovering the MC, it typically listens for
multiple things besides the GUI client connection.
For example, it listens for connections from VPN
clients for topology downloads, IKE, cert stuff,
etc... There's a whole range of ports from > 256 up
thru 264, plus 900 and some others, OTTOMH. If you
see a machine that fits this profile, you got a MC.
Check www.phoneboy.com for the definitive list.
Binky
__________________________________________________
Terrorist Attacks on U.S. - How can you help?
Donate cash, emergency relief information
http://dailynews.yahoo.com/fc/US/Emergency_Information/
----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Sep 14 2001
Intro
