This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Digo11
Contributor
‎2023-07-10 12:09 AM
Jump to solution

NMAP Shows Ports 5060 & 2000 Open

Hello Community,

Greetings to all.

Using the NMAP tool, I did a port scan in my internal network and found ports 2000 and 5060 Open. Interestingly, NMAP found these ports open on security gateway Mgmt IPs and management server IP addresses. In the rule base, only ports 22 (SSH) and 443 (HTTPS) is allowed on Gateway and SMS IPs. 

Somehow, I can do telnet on 172.16.1.37 5060 and 172.16.1.37 2000. When I check the logs for these Telnet connections it shows "Drop" and hits the explicit rule I created.

The question is if ports 5060 and 2000 are not allowed in the security policy then why and how Telnet is possible despite the "DROP" log seen on the smart console?

Looking forward to suggestions.

Checkpoint 5600 HA (Active-Passive)

OS: GAIA R81.10 Take 87

Blades: IPS, Anti Virus, AntiBot

 

Thank you.

Digo.

Preview file
46 KB
0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2023-07-10 03:36 PM
In response to the_rock
Jump to solution

Are there any rules involving SIP?
Might require a TAC case to investigate.

View solution in original post

4 Replies
Tal_Paz-Fridman
Employee
Employee
‎2023-07-10 06:27 AM
Jump to solution

Looks like it is related to the issue mentioned in sk177251:

Quantum Spark appliance ports in built-in SIP services are opened for port-scan/Telnet without any allowing rule

https://support.checkpoint.com/results/sk/sk177251

 

I also found other cases that state these ports are open for VoIP purposes so check if your policy uses them.

In any case I would contact TAC or a further assistance.

0 Kudos
the_rock
Legend
Legend
‎2023-07-10 06:57 AM
In response to Tal_Paz-Fridman
Jump to solution

Would it still be applicable to 5600 appliances though?

Andy

0 Kudos
PhoneBoy
Admin
Admin
‎2023-07-10 03:36 PM
In response to the_rock
Jump to solution

Are there any rules involving SIP?
Might require a TAC case to investigate.

Digo11
Contributor
‎2023-07-11 07:18 PM
In response to PhoneBoy
Jump to solution

No, we do not have any rules with SIP. It is a core firewall with no SIP traffic.

Thank you for the suggestion. I will involve TAC in this.

 

Regards,

Digo.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events