RE: How to discover FW-1 management module or GUI?

Hello All,

        In fact, if I can get in touch of the port 256-258 of FW-1, what exploits
and vulnerabilities you can think of for attacking the system?

        Thanks.

Ricci

-----Original Message-----
From: DABDELMO_at_bouyguestelecom.fr [mailto:DABDELMO_at_bouyguestelecom.fr]
Sent: Monday, September 17, 2001 5:04 PM
To: piranhabros_at_yahoo.com; alex_at_s3.integralis.co.uk;
carmelo.floridia_at_keyconsultants.it
Cc: pen-test_at_securityfocus.com
Subject: RE: How to discover FW-1 management module or GUI?

When I talked about the port 257, I did not say it was the GUI->MC port
number ;)
Indeed port 257 is the port used by the management console to communicate
with the firewall modules.

David

> -----Message d'origine-----
> De: Michael Batchelder [SMTP:piranhabros_at_yahoo.com]
> Date: vendredi 14 septembre 2001 01:53
> À: Alex Butcher; Carmelo Floridia
> Cc: pen-test_at_securityfocus.com
> Objet: Re: How to discover FW-1 management module or GUI?
>
>
> --- Alex Butcher <alex_at_s3.integralis.co.uk> wrote:
> >
> > Carmelo Floridia wrote:
> > > How can i discover in a LAN the management module
> > > or the PC that run FW-1 GUI?
> >
> > You won't be able to discover the host running the
> > GUI other than by sniffing the network and finding a
> > host that's communicating with the
> > management module. IIRC, the protocol used is
> > 258/tcp.
>
> I've seen a couple incorrect postings to the list of
> the GUI->MC port number. Port 258 TCP is the
> traditional port that the MC listens on for GUI
> connections. Keep in mind that some deviant types
> (myself included) tunnel the GUI over SSH w/port
> forwarding, just to make life on the hackers harder,
> and provide an additional layer of auth.
>
> You might be able to infer which hosts run the GUI in
> a LAN w/o snooping by firewalking any firewall between
> the GUI and the MC. Ideally, MC's are behind
> firewalls themselves, not sitting around on the LAN.
> Ideally...
>
> As far as discovering the MC, it typically listens for
> multiple things besides the GUI client connection.
> For example, it listens for connections from VPN
> clients for topology downloads, IKE, cert stuff,
> etc... There's a whole range of ports from > 256 up
> thru 264, plus 900 and some others, OTTOMH. If you
> see a machine that fits this profile, you got a MC.
> Check www.phoneboy.com for the definitive list.
>
> Binky
>
> __________________________________________________
> Terrorist Attacks on U.S. - How can you help?
> Donate cash, emergency relief information
> http://dailynews.yahoo.com/fc/US/Emergency_Information/
>
> --------------------------------------------------------------------------
> --
> This list is provided by the SecurityFocus Security Intelligence Alert
> (SIA)
> Service. For more information on SecurityFocus' SIA service which
> automatically alerts you to the latest security vulnerabilities please
> see:
> https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/

----------------------------------------------------------------------------
This list is provided by the SecurityFocus Security Intelligence Alert (SIA)
Service. For more information on SecurityFocus' SIA service which
automatically alerts you to the latest security vulnerabilities please see:
https://alerts.securityfocus.com/
Received on Sep 18 2001