Firewall-1

Re: [FW-1] Closing port 18264

Subject: Re: [FW-1] Closing port 18264
From: Mark Senior <Mark.Senior AT GOV.AB DOT CA>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Fri, 3 Jun 2005 09:18:59 -0600
Just changing the headers won't be all that useful in concealing what
you're running.

- I don't think any other products out there run a web server on port
18264.
- If your man types "GET / HTTP/1.0" instead of "?", the result page
includes "<TITLE>Check Point Certificate Services</TITLE>" in the
header, wants to load a (presumably unique to checkpoint) activex
control, and ends with a PKCS #7 certificate.

Even if you get every overt reference to checkpoint out of the results,
that's all pretty distinctive.  So I guess, examine the value of
concealing the presence of a checkpoint firewall.  If it seems worth it,
either allow the service manually, or just drop it at a border router.

Cheers
Mark 

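An added example, not part of the original thread: an offline check of a captured reply from port 18264 that reports which of the indicators Mark lists (Server header, page title, ActiveX control, trailing PKCS #7 certificate) are still present, so you can verify that a header tweak actually changed anything. The sample responses are constructed from the thread's quoted output; the PEM "PKCS7" label for the certificate and the CLASSID value are assumptions.

```python
import re

# Indicators from the thread: Server header, page title, ActiveX control and
# the trailing PKCS #7 certificate (assumed to carry a PEM "PKCS7" label).
SERVER_RE = re.compile(rb"^Server:[ \t]*(.*?)\r?$", re.IGNORECASE | re.MULTILINE)
TITLE_RE = re.compile(rb"<TITLE>\s*Check Point Certificate Services\s*</TITLE>", re.I)
ACTIVEX_RE = re.compile(rb"<OBJECT\b[^>]*\bCLASSID\s*=", re.I)
PKCS7_RE = re.compile(rb"-----BEGIN PKCS7-----")

def fingerprint_indicators(raw: bytes) -> dict:
    """Report which of the thread's indicators a raw HTTP response contains."""
    head, _, body = raw.partition(b"\r\n\r\n")
    m = SERVER_RE.search(head)
    server = m.group(1).strip().decode(errors="replace") if m else None
    return {
        "server_header": server,
        "checkpoint_in_server": server is not None and "check point" in server.lower(),
        "cert_services_title": TITLE_RE.search(body) is not None,
        "activex_control": ACTIVEX_RE.search(body) is not None,
        "pkcs7_blob": PKCS7_RE.search(body) is not None,
    }

def still_identifiable(raw: bytes) -> bool:
    """True when a body indicator remains, so a rewritten Server header alone hides nothing."""
    ind = fingerprint_indicators(raw)
    return ind["cert_services_title"] or ind["activex_control"] or ind["pkcs7_blob"]

# Constructed sample: the reply to the "?" probe quoted in the thread.
RESPONSE_BAD_REQUEST = (
    b"HTTP/1.0 400 Bad Request\r\n"
    b"Date: Fri, 03 Jun 2005 10:43:03 GMT\r\n"
    b"Server: Check Point SVN foundation/NG FP2\r\n"
    b"Content-Type: text/html\r\n"
    b"Connection: close\r\n\r\n"
)

# Constructed sample: a GET / reply after the Server header was rewritten, with
# the page body Mark describes left intact (CLASSID and PEM body are placeholders).
RESPONSE_HEADER_STRIPPED = (
    b"HTTP/1.0 200 OK\r\nServer: generic-httpd\r\nContent-Type: text/html\r\n\r\n"
    b"<HTML><HEAD><TITLE>Check Point Certificate Services</TITLE></HEAD><BODY>\r\n"
    b'<OBJECT CLASSID="clsid:PLACEHOLDER-CLASSID"></OBJECT>\r\n'
    b"-----BEGIN PKCS7-----\r\nPLACEHOLDER-BASE64\r\n-----END PKCS7-----\r\n"
    b"</BODY></HTML>\r\n"
)

if __name__ == "__main__":
    for name, resp in (("bad_request", RESPONSE_BAD_REQUEST),
                       ("header_stripped", RESPONSE_HEADER_STRIPPED)):
        print(name, fingerprint_indicators(resp), "identifiable:", still_identifiable(resp))
```

Run it against a response you captured from your own gateway's external interface to see which of the indicators survive a header change.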

> -----Original Message-----
> From: Mailing list for discussion of Firewall-1 
> [mailto:FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM] On Behalf 
> Of Cheong Ket Vin
> Sent: June 2, 2005 20:41
> To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> Subject: Re: [FW-1] Closing port 18264
> 
> Hi List,
> 
> 
> One of the concerns on this issue is that this port is 
> leaking information, telling others it is a checkpoint firewall.
> 
>       # telnet xx.xx.xx.xx 18264
>       Trying xx.xx.xx.xx...
>       Connected to xx.xx.xx.xx.
>       Escape character is '^]'.
>       ?
>       HTTP/1.0 400 Bad Request
>       Date: Fri, 03 Jun 2005 10:43:03 GMT
>       Server: Check Point SVN foundation/NG FP2
>       Content-Type: text/html
>       Connection: close
> 
> It is necessary for the port to be opened. So what I should 
> look for is the way to tune the webserver not to return the 
> checkpoint server header. 
> 
> I think it is not recommended by checkpoint to manually tweak 
> the nokia webserver conf file, but has anyone of you 
> played with that before? 
> 
> 
> Thanks
> 
> 
> 
> 
> On Friday 03 June 2005 04:13 am, Ray wrote:
> > Disable the control & remote access connection implied rules and manually
> > create just the rules you need with the appropriate source and destination.
> > Be in for some pain, though, and make sure you go through the SK
> > knowledgebase looking for many articles on how to do this properly.
> >
> > Ray
> >
> > >From: Cheong Ket Vin <ketvin AT SILICON.COM DOT MY>
> > >Reply-To: Mailing list for discussion of Firewall-1
> > ><FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM>
> > >To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
> > >Subject: [FW-1] Closing port 18264
> > >Date: Thu, 2 Jun 2005 18:05:09 +0800
> > >
> > >Hi list,
> > >
> > >
> > >We ran a penetration test lately on checkpoint FP3 running on Nokia IP350
> > >box and found that port 18264 is currently open.
> > >
> > >I knew that 18264/tcp is FW1_ica_services for CheckPoint Internal CA to
> > >fetch CRL and User Registration Services. But is there any way to shut down
> > >that port on the interface facing internet ?
> > >
> > >
> > >Thanks
> > >
> > >********************* Confidentiality Notice 
> **************************
> > >This message contains confidential information and is 
> intended only for
> > >the individual named.  If you are not the named addressee 
> you should
> > >not disseminate, distribute or copy this e-mail.  Please notify the
> > >sender immediately by e-mail if you have received this e-mail by
> > >mistake and delete this e-mail from your system.
> > >*****************************************************************
> > >
> > >=================================================
> > >To set vacation, Out-Of-Office, or away messages,
> > >send an email to LISTSERV AT amadeus.us.checkpoint DOT com
> > >in the BODY of the email add:
> > >set fw-1-mailinglist nomail
> > >=================================================
> > >To unsubscribe from this mailing list,
> > >please see the instructions at
> > >http://www.checkpoint.com/services/mailing.html
> > >=================================================
> > >If you have any questions on how to change your
> > >subscription options, email
> > >fw-1-owner AT ts.checkpoint DOT com
> > >=================================================
> >
> 
> 
> 

This email and any files transmitted with it are confidential and intended 
solely for the use of the individual or entity to whom they are addressed. If 
you have received this email in error please notify the system manager. This 
message contains confidential information and is intended only for the 
individual named. If you are not the named addressee you should not 
disseminate, distribute or copy this e-mail.



