hardware firewall and open ports...

Reply Subscribe

Thread Tools

Search this Thread

02 January 2003, 03:23 PM

Fosters

Scooby Regular

Thread Starter

Join Date: Jul 2000

Location: Islington

Posts: 2,145

Likes: 0

Received 0 Likes on 0 Posts

A friend (who is the network admin today

) has gone to shields up section of www.grc.com and it told her that her http and smtp are vulnerable. I also port sniffed her machine and found that 4 other ports were open.

I don't know much about hardware firewalls, but shouldn't all that be closed off? is it just a case of setting the firewall up properly?

assistance appreciated here.

Mike

Reply Like

02 January 2003, 03:26 PM

ChrisB

Moderator

Join Date: Dec 1998

Location: Staffs

Posts: 23,573

Likes: 0

Received 0 Likes on 0 Posts

Do you know what firewall it is?

Something like the SonicWall in an out of the box config has everything closed and then you open up the holes you want.

Reply Like

02 January 2003, 03:28 PM

Fosters

Scooby Regular

Thread Starter

Join Date: Jul 2000

Location: Islington

Posts: 2,145

Likes: 0

Received 0 Likes on 0 Posts

She says its Symantec and... drum roll... "yellow and hub looking"

Reply Like

02 January 2003, 03:40 PM

ChrisB

Moderator

Join Date: Dec 1998

Location: Staffs

Posts: 23,573

Likes: 0

Received 0 Likes on 0 Posts

Sounds like a Symantec Firewall Appliance jobbie, similar to the SonicWall.

Not a clue about it though!

http://enterprisesecurity.symantec.c...uctID=63&EID=0

Reply Like

02 January 2003, 03:41 PM

JackClark

Scooby Senior

Join Date: Dec 2000

Location: Overdosed on LCD

Posts: 20,852

Likes: 33

Received 51 Likes on 34 Posts

One of these most likely

Reply Like

02 January 2003, 03:48 PM

ChrisB

Moderator

Join Date: Dec 1998

Location: Staffs

Posts: 23,573

Likes: 0

Received 0 Likes on 0 Posts

Thinking about it...

Having SMTP open makes sense - I would guess they run a mail server which the outside world needs to talk to. You'll find SMTP open on our firewall.

HTTP is less clear cut. Do they host their own web site? Or maybe HTTP is open for remote webmail?

What are the other port numbers?

Reply Like

02 January 2003, 03:53 PM

Fosters

Scooby Regular

Thread Starter

Join Date: Jul 2000

Location: Islington

Posts: 2,145

Likes: 0

Received 0 Likes on 0 Posts

it's a Symantec Firewall/VPN Appliance 100

and the ports I found are: 389, 1002, 1002 and 1720 although I didn't sniff past port 2000

Reply Like

Trending Topics

Sensor lever on left hand front suspension arm?

2

93
Key won't move in ignition?(Impreza 1999)

1

91
White jdm hawkeye 2006

132

16.7k
Full detail & ceramic coating

4

855
2.1 Stroker GT35 - Rotated - 500+ - DCCD - Link etc - Prodrive Bug shell

1

1.2k

02 January 2003, 04:10 PM

Jeff Wiltshire

Scooby Regular

Join Date: Nov 2000

Location: 412 Wheel HP Audi RS4

Posts: 2,021

Likes: 0

Received 1 Like on 1 Post

The Symantec box is based on Raptor which does an odd combination of Port Filtering, Stateful Inspection & Proxy....

389 & 1002 are LDAP ports and 1720 is H323 .... I would guess that these are configured in the Proxy side of the box. The symantec product really does need to be set-up properly.

I would also not really on the Gibson Research web page.....!

Jeff

Reply Like

01 February 2003, 04:09 PM

ChrisB

Moderator

Join Date: Dec 1998

Location: Staffs

Posts: 23,573

Likes: 0

Received 0 Likes on 0 Posts

389 is LDAP, 1002 no idea, 1720 is H323.

389 and 1720 make me think of something like NetMeeting or something for conferencing?

{Edit 'cos I can't read

}

[Edited by ChrisB - 1/2/2003 4:12:20 PM]

Reply Like