have a look at phoneboy.com, those are okay ports.
256 is for exchange of keys between management consoles and for pushing
policy to remote nodes (SR <=4005 uses it for key fetching, too). IIRC
this is the state table synchronization port as well, but it might be 259.
257 is used by the remote nodes to send logs to management servers
258 is used by the remote GUI
259 is used for client authentication
HTH
--
Jack Coates, Rainfinity SE
t: 650-962-5301 m: 650-280-4376
On Mon, 17 Jul 2000, Padden, Greg wrote:
> I've got a friend how is more or less a LAN Admin type that recently took
> over a FW-1 installation running on Solaris and found the following ports
> open on his box.
>
> Are the ports 256, 257, 258, 259 an indication that his FW has been hacked?
> I haven't see these ports open on other FW-1 boxes.
>
> Starting nmap V. 2.12 by Fyodor ([EMAIL PROTECTED], www.insecure.org/nmap/)
> Interesting ports on r4keytower-qfe-0.metrokc.gov (146.129.191.142):
> Port State Protocol Service
> 21 open tcp ftp
> 23 open tcp telnet
> 25 open tcp smtp
> 111 open tcp sunrpc
> 256 open tcp rap
> 257 open tcp set
> 258 open tcp yak-chat
> 259 open tcp esro-gen
> 4045 open tcp lockd
> 6000 open tcp X11
>
>
> Network Engineer, MSCE, CCNA
> Information and Telecommunications Services
> King County
> 700 5th Ave, Suite 1800
> Seattle, WA 98104
> (206)263-4804 Fax (206)263-4834
> <<Padden, Greg.vcf>>
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
