Check Point FireWall-1 Identification

medium Nessus Plugin ID 10044

Synopsis

The remote firewall is leaking information.

Description

The remote host has the three TCP ports 256, 257, and 258 open. It's very likely that this host is a Check Point FireWall/1.
A remote attacker could use this information to mount further attacks.

Solution

Do not allow any connections on the firewall itself, except for the firewall protocol, and allow that for trusted sources only.

If you have a router that performs packet filtering, add an ACL that disallows the connection to these ports for unauthorized systems.

See Also

http://www.nessus.org/u?f189d2b7

Plugin Details

Severity: Medium

ID: 10044

File Name: checkpoint.nasl

Version: Revision: 1.21

Type: remote

Family: Firewalls

Published: 7/27/1999

Updated: 9/27/2012

Supported Sensors: Nessus

Risk Information

CVSS v2

Risk Factor: Medium

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:checkpoint:firewall-1