CPUG: The Check Point User Group


Thread: Seeking explanation of high ports listening:

  1. #1
    Join Date
    2011-08-31
    Posts
    14
    Rep Power
    0

    Seeking explanation of high ports listening:

    Hey all,

    A customer has to show all listening ports on their firewall, and netstat -an reveals several (approx. 20) ports > 50000 listening on 0.0.0.0 (i.e., all interfaces) on their box. I thought maybe it was for NAT or something along those lines, but when I checked my VM SPLAT, after installing a super basic policy ensuring no NATing/VPN was enabled, I found close to the same number of high ports listening on it. Adding the -p flag showed they all (with the exception of one) were opened by fwd; therefore, a cpstop closed them. Anyone know why Check Point's firewall uses these high ports?

    Policy properly blocks access to them; thus the need for the stealth rule, but the customer still needs to explain the listening ports...

  2. #2
    Join Date
    2011-02-17
    Posts
    81
    Rep Power
    7

    Re: Seeking explanation of high ports listening:


  3. #3
    Join Date
    2011-08-31
    Posts
    14
    Rep Power
    0

    Re: Seeking explanation of high ports listening:

    Thank you,

    I actually ran across those in my initial research and saw the two > 50000 ports on the list, but that doesn't explain the rest of the 20 of them... Hmm... I suppose they are for various management functionalities as well, and CP hasn't been forthcoming with my direct inquiry to them. I guess it's one of those "unless you develop for CP, you'll never know" things. I provided what I could to the customer, and emphasized the need for a stealth rule and for defining guiclients because of this, and that seemed to satisfy his inquiry.

  4. #4
    Join Date
    2005-11-25
    Location
    United States, Southeast
    Posts
    852
    Rep Power
    12

    Re: Seeking explanation of high ports listening:

    Assuming the use of SecurePlatform, 'netstat -lnp' does not show all the listening ports.

    Many 'listeners' are in the kernel module, and as far as I know, cannot be discovered without a port scan. Some can be gleaned from $FWDIR/conf/fwauthd.conf.
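The original poster needed an inventory of listening ports above 50000 with the owning process, and the previous reply notes that 'netstat -lnp' only covers user-space listeners. The shell snippet below is an added example, not code from this thread or from Check Point: it parses netstat-style output and reports every listening socket above a threshold, grouped by process, which is the user-space half of that inventory. The NETSTAT_SAMPLE block is constructed to resemble SecurePlatform output (the PIDs, ports and bind addresses are invented); on a real box you would pipe the live `netstat -lnp` output into high_listeners instead. Kernel-module listeners, as the reply says, do not appear in netstat output and are not covered here.

```shell
#!/bin/sh
# Added example, not from the CPUG thread or from Check Point.
# Lists listening sockets above a port threshold, with the owning program,
# from `netstat -lnp`-style output. IPv4-style "addr:port" local addresses
# are assumed (the SecurePlatform format the thread discusses).

# Constructed sample in the shape of `netstat -lnp` on SecurePlatform.
# PIDs, ports and bind addresses are invented for illustration only.
NETSTAT_SAMPLE='Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:18264           0.0.0.0:*               LISTEN      1234/cpd
tcp        0      0 0.0.0.0:50001           0.0.0.0:*               LISTEN      2345/fwd
tcp        0      0 0.0.0.0:50002           0.0.0.0:*               LISTEN      2345/fwd
tcp        0      0 127.0.0.1:50003         0.0.0.0:*               LISTEN      3456/cpca
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      456/sshd
tcp        0      0 0.0.0.0:18191           0.0.0.0:*               LISTEN      1234/cpd
udp        0      0 0.0.0.0:500             0.0.0.0:*                           789/vpnd'

# high_listeners THRESHOLD [INPUT]
# Prints one line "port proto bind-address program" per listening socket whose
# port is greater than THRESHOLD. INPUT defaults to the constructed sample;
# pass "$(netstat -lnp 2>/dev/null)" to audit a live system.
high_listeners() {
    threshold="$1"
    input="${2:-$NETSTAT_SAMPLE}"
    printf '%s\n' "$input" | awk -v thr="$threshold" '
        $1 ~ /^(tcp|udp)/ {
            # Local Address is "bind:port"; take the text after the last colon as the port.
            n = split($4, a, ":")
            port = a[n]
            bind = substr($4, 1, length($4) - length(port) - 1)
            # PID/Program name is the last field on both tcp and udp lines
            # (udp lines have no State column); strip the "PID/" prefix.
            prog = $NF
            sub(/^[0-9-]+\//, "", prog)
            if (port + 0 > thr + 0)
                printf "%s %s %s %s\n", port, $1, bind, prog
        }'
}

# count_high_listeners THRESHOLD -> number of sockets above THRESHOLD
count_high_listeners() {
    high_listeners "$1" | wc -l | tr -d ' '
}

# listeners_by_program THRESHOLD -> "program count" per owning process, sorted,
# which is the summary a customer inventory usually asks for.
listeners_by_program() {
    high_listeners "$1" | awk '{ c[$4]++ } END { for (p in c) printf "%s %d\n", p, c[p] }' | sort
}

# Stand-alone run against the constructed sample:
echo "Listeners above 50000:"
high_listeners 50000
echo "By program:"
listeners_by_program 50000
```

Comparing this list with the services Check Point documents for a given version (and with $FWDIR/conf/fwauthd.conf for the user-space security servers) leaves the unexplained remainder, which is what the stealth rule and the GUI-clients list must cover regardless of why each port is open.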
