Checkpoint Hostname InfoDisclosure.

ar_engineer · ‎2020-07-10

On a VSX MDS environment port scan perfomed against external IP of the firewall revealing information of the firewall host name.xxx and Smart Center Host( which is internal server) and i suppose this was against port 264?

I need to change the hostname for the smart center host which is Domain Management Server against internal IPs.I understand this is because smart center and security gateway names revealed in the CA.

what is the best approach to change this as i understand SIC will need resetting also.Any suggestions will be appreciated?

Thanks

Chris_Atkinson · ‎2020-07-10

There are few SK that cover scenarios pertaining to tcp/264 e.g. sk69360 and sk60773

A workaround you may wish to investigate in the interim is as follows:

IMPORTANT: May impact Check Point Remote Access VPN client connectivity if used in the environment.

CCSM R77/R80/ELITE

Danny · ‎2020-07-10

HowTo: React on Check Point Information Disclosure

ar_engineer · ‎2020-07-12

Hi Chris_Atkinson and Danny
Thanks for above information

I would like to know to change the smartcenter hostname which was revealed in External Port scan 264 (what steps i will need to follow I believe SIC needs to re-established after changing the name?
I rather change the Smart center hostname to which reveals nothing obvious I am looking at this as an alternative approach for blocking port 264 on IPS or SmartEvent.

Many Thanks

Are you a member of CheckMates?

Checkpoint Hostname InfoDisclosure.