According to PhoneBoy's FAQ, Which Ports Does FireWall-1 Use:
http://www.phoneboy.com/fw1/faq/0105.html
256/tcp thru 259/tcp may be reachable from the Internet. It all
depends on the security stance of the site, and whether ACLs also
protect the firewall.
Personally, I would be more concerned about the telnet and ftp
(unless they're the security servers running on the box) and I
would explicitly block 111/udp, 4045/tcp (NFS, I believe) and
6000/tcp (X-Windows). There's no reason these should be running,
much less reachable from the Internet.
Steve
"Padden, Greg" wrote:
>
>
> I've got a friend who is more or less a LAN Admin type that recently took
> over a FW-1 installation running on Solaris and found the following ports
> open on his box.
>
> Are the ports 256, 257, 258, 259 an indication that his FW has been hacked?
> I haven't seen these ports open on other FW-1 boxes.
>
> Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
> Interesting ports on r4keytower-qfe-0.metrokc.gov (146.129.191.142):
> Port State Protocol Service
> 21 open tcp ftp
> 23 open tcp telnet
> 25 open tcp smtp
> 111 open tcp sunrpc
> 256 open tcp rap
> 257 open tcp set
> 258 open tcp yak-chat
> 259 open tcp esro-gen
> 4045 open tcp lockd
> 6000 open tcp X11
>
> Network Engineer, MSCE, CCNA
> Information and Telecommunications Services
> King County
> 700 5th Ave, Suite 1800
> Seattle, WA 98104
> (206)263-4804 Fax (206)263-4834
--
Steven Lee, CISSP (206) 762-4000 x104
Senior Network Security Engineer (206) 762-4400 FAX
AVCOM Technologies, Inc. (800) 817-9525 Pager
4636 E Marginal Way S, Ste B-100 http://www.avcom.com
Seattle, WA 98134-2383 mailto:[EMAIL PROTECTED]
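
Added example, not part of either message: a Python triage of nmap output in the table format quoted above, sorting open ports into the groups the reply describes and flagging the 111/udp check that a TCP-only scan cannot answer. The group names, the sample scan and the 192.0.2.10 address are constructed for illustration.

```python
import re

# Groups follow the reply above; the group names are this example's own.
FW1 = {(p, "tcp") for p in range(256, 260)}            # FireWall-1 ports per the FAQ
REVIEW = {(21, "tcp"), (23, "tcp")}                    # fine only if FW-1 security servers
BLOCK = {(111, "udp"), (4045, "tcp"), (6000, "tcp")}   # should not be reachable

# One table row: port, state, protocol, service; a leading "> " mail quote is tolerated.
ROW = re.compile(r"^\s*(?:>\s*)?(\d+)\s+(\S+)\s+(tcp|udp)\s+(\S+)\s*$")

# Constructed sample scan (documentation address, not a real host).
SAMPLE = """\
Interesting ports on 192.0.2.10:
Port State Protocol Service
21 open tcp ftp
23 open tcp telnet
25 open tcp smtp
111 open tcp sunrpc
256 open tcp rap
257 open tcp set
258 open tcp yak-chat
259 open tcp esro-gen
4045 open tcp lockd
6000 open tcp X11
"""

def parse_scan(text):
    """Return (port, proto, state, service) tuples for each table row."""
    return [(int(m[1]), m[3], m[2], m[4])
            for m in map(ROW.match, text.splitlines()) if m]

def triage(text):
    """Sort open ports into the reply's groups and list checks the scan missed."""
    rows = parse_scan(text)
    groups = {"fw1": [], "review": [], "block": [], "unclassified": []}
    for port, proto, state, _service in rows:
        if state != "open":
            continue
        key = (port, proto)
        name = ("fw1" if key in FW1 else "review" if key in REVIEW
                else "block" if key in BLOCK else "unclassified")
        groups[name].append(key)
    # A block-list entry whose protocol never appears in the scan was not tested,
    # e.g. 111/udp when only TCP was scanned.
    scanned = {proto for _port, proto, _state, _service in rows}
    groups["untested"] = sorted(k for k in BLOCK if k[1] not in scanned)
    return groups

if __name__ == "__main__":
    for name, ports in triage(SAMPLE).items():
        print(name, ports)
```

Ports left in "unclassified" (here 25/tcp and 111/tcp) are ones the reply does not address and need a manual decision.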