Check Point FireWall-1 Identification

Medium Nessus Plugin ID 10044


The remote firewall is leaking information.


The remote host has the three TCP ports 256, 257, and 258 open. It's very likely that this host is a Check Point FireWall/1.
A remote attacker could use this information to mount further attacks.


Do not allow any connections on the firewall itself, except for the firewall protocol, and allow that for trusted sources only.

If you have a router that performs packet filtering, add an ACL that disallows the connection to these ports for unauthorized systems.

See Also

Plugin Details

Severity: Medium

ID: 10044

File Name: checkpoint.nasl

Version: $Revision: 1.21 $

Type: remote

Family: Firewalls

Published: 1999/07/27

Modified: 2012/09/27

Risk Information

Risk Factor: Medium


Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Information

CPE: cpe:/a:checkpoint:firewall-1