PORT SCAN Results-389, 1002 open

[avilT]

I am running port scan against the NG FP3. It shows ports 389 and 1002 as open. I have deselected "Accept VPN1 FW1 control connections" from Global Properties. Whay these ports are open?
Thank You

[kva.kva]

I found good sk - https://secureknowledge.checkpoint.c...do?lid=sk17745

[RayPesek]

Is it running Windows 2000? 389 is LDAP and 1002 is the NetMeeting Directory Service. If your policy isn't allowing these services, something is wrong somewhere. More details would be needed to narrow down the guesses.

Ray

[avilT]

Its on Nokia device. Looks like these ports are for IKE. How do I disable this?

[abusharif]

IKE ? uhm.......

Anyway i have several nokia boxes (running ngx) and no such ports are active on these.

Besides the portscan result, please do 'netstat -an|grep LISTEN' on the firewall and post the output. If you cant see anywhere 389 then fw is not listening on those ports and scanner info is faulty.

If you do find 389 in the list then try running tcpdump on interfaces to see if any traffic is passing there (or look in the smartview tracker if u have loggng enabled)

[avilT]

Thank You for the update. Yes its the problem with my ADSL software. The scanner show these 2 ports open for every hosts. Sorry for the trouble.

[abusharif]

Quote:

Originally Posted by avilT

Thank You for the update. Yes its the problem with my ADSL software. The scanner show these 2 ports open for every hosts. Sorry for the trouble.

I'm glad it worked out :)

Talking about port scanners i can recommend you Nmap for testing purposes if you already didn't try it.