This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Accept
Reject
ABOUT CHECKMATES & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ar_engineer
Participant
‎2020-07-10 07:38 AM

Checkpoint Hostname InfoDisclosure.

On a VSX MDS environment port scan perfomed against external IP of the firewall revealing information of the firewall host name.xxx and Smart Center Host( which is internal server) and i suppose this was against port 264?

 

I need to change the hostname for the smart center host which is Domain Management Server against internal IPs.I understand this is because smart center and security gateway names revealed in the CA.

 

what is the best approach to change this as i understand SIC will need resetting also.Any suggestions will be appreciated?

Thanks

 

0 Kudos
3 Replies
Chris_Atkinson
Employee
Employee
‎2020-07-10 08:22 PM

There are few SK that cover scenarios pertaining to tcp/264 e.g. sk69360 and sk60773

A workaround you may wish to investigate in the interim is as follows:

IMPORTANT: May impact Check Point Remote Access VPN client connectivity if used in the environment.

vpn_topo.png

Danny
Champion
Champion
‎2020-07-10 10:43 PM

HowTo: React on Check Point Information Disclosure

ar_engineer
Participant
‎2020-07-12 08:42 AM
In response to Danny

Hi Chris_Atkinson and Danny
Thanks for above information

I would like to know to change the smartcenter hostname which was revealed in External Port scan 264 (what steps i will need to follow I believe SIC needs to re-established after changing the name?
I rather change the Smart center hostname to which reveals nothing obvious I am looking at this as an alternative approach for blocking port 264 on IPS or SmartEvent.

Many Thanks
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫