Sure....

Just block all the FW-1 management ports on your border router.

Or just fine-tune your router ACL so that people that need to connect
to your firewall from the internet are able to do that...

This way makes detecting a FW-1 on the internet (or internal network
if you are truly paranoid) a bit more difficult.

Regards,

Brenno

( you can find the port which Checkpoint Firewall-1 uses on
http://www.phoneboy.com/faq/0105.html )

> -----Original Message-----
> From: Russell Aspinwall [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, 12 July 2001 12:36
> To:   Chris Tobkin
> Cc:   Cessna, Michael; Eric Johnson; [EMAIL PROTECTED]
> Subject:      Re: Hacking FW-1  programs
> 
> Hi,
> 
> Can fingerprinting a Checkpoint FW be made more difficult by using a 
> packet filtering router on the Internet facing interface, so that 
> only selected IP addresses can access the ports < 1023?
> 
> Regards
> 
> Russell
> 
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls