A friend (who is the network admin today ) has gone to shields up section of www.grc.com and it told her that her http and smtp are vulnerable. I also port sniffed her machine and found that 4 other ports were open.

I don't know much about hardware firewalls, but shouldn't all that be closed off? is it just a case of setting the firewall up properly?

assistance appreciated here.

Mike

 

Do you know what firewall it is?

Something like the SonicWall in an out of the box config has everything closed and then you open up the holes you want.

 

She says its Symantec and... drum roll... "yellow and hub looking"

 

Sounds like a Symantec Firewall Appliance jobbie, similar to the SonicWall.

Not a clue about it though!

http://enterprisesecurity.symantec.c...uctID=63&EID=0

 

One of these most likely

 

Thinking about it...

Having SMTP open makes sense - I would guess they run a mail server which the outside world needs to talk to. You'll find SMTP open on our firewall.

HTTP is less clear cut. Do they host their own web site? Or maybe HTTP is open for remote webmail?

What are the other port numbers?

 

it's a Symantec Firewall/VPN Appliance 100

and the ports I found are: 389, 1002, 1002 and 1720 although I didn't sniff past port 2000

 

The Symantec box is based on Raptor which does an odd combination of Port Filtering, Stateful Inspection & Proxy....

389 & 1002 are LDAP ports and 1720 is H323 .... I would guess that these are configured in the Proxy side of the box. The symantec product really does need to be set-up properly.

I would also not really on the Gibson Research web page.....!


Jeff

 

389 is LDAP, 1002 no idea, 1720 is H323.

389 and 1720 make me think of something like NetMeeting or something for conferencing?

{Edit 'cos I can't read }

[Edited by ChrisB - 1/2/2003 4:12:20 PM]