This website uses cookies. By clicking OK, you consent to the use of cookies. Click Here to learn more about how we use cookies.
OK
ABOUT CHECKMATES & FAQ
Create a Post
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Help
ar_engineer
Participant
‎2020-07-10 07:38 AM

Checkpoint Hostname InfoDisclosure.

On a VSX MDS environment port scan perfomed against external IP of the firewall revealing information of the firewall host name.xxx and Smart Center Host( which is internal server) and i suppose this was against port 264?

 

I need to change the hostname for the smart center host which is Domain Management Server against internal IPs.I understand this is because smart center and security gateway names revealed in the CA.

 

what is the best approach to change this as i understand SIC will need resetting also.Any suggestions will be appreciated?

Thanks

 

0 Kudos
Reply
3 Replies
Chris_Atkinson
Employee
Employee
‎2020-07-10 08:22 PM

There are few SK that cover scenarios pertaining to tcp/264 e.g. sk69360 and sk60773

A workaround you may wish to investigate in the interim is as follows:

IMPORTANT: May impact Check Point Remote Access VPN client connectivity if used in the environment.

vpn_topo.png

Reply
Danny
Champion
Champion
‎2020-07-10 10:43 PM

HowTo: React on Check Point Information Disclosure

Reply
ar_engineer
Participant
‎2020-07-12 08:42 AM
In response to Danny

Hi Chris_Atkinson and Danny
Thanks for above information

I would like to know to change the smartcenter hostname which was revealed in External Port scan 264 (what steps i will need to follow I believe SIC needs to re-established after changing the name?
I rather change the Smart center hostname to which reveals nothing obvious I am looking at this as an alternative approach for blocking port 264 on IPS or SmartEvent.

Many Thanks
0 Kudos
Reply