Identifying Checkpoint with nmap

Identifying Checkpoint with nmap

For identifying operating systems , using nmap is definitely handy and effective.In our first example we will identify CheckPoint Firewall-1.Checkpoint Firewall-1 has default open ports although the Security Engineer applied Stealht Rule .This open ports arise from FW-1 implied rules.

root@pazwant:~# nmap -sP  -PS18264   192.168.1.200 --packet_trace

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-05-08 03:51 GMT+2
SENT (0.0240s) TCP 192.168.1.15:58825 > 192.168.1.200:18264 S ttl=55 id=44555 iplen=40 seq=1685203678 win=4096
RCVD (0.0290s) TCP 192.168.1.200:18264 > 192.168.1.15:58825 SA ttl=64 id=0 iplen=44 seq=876407979 win=5840 ack=1685203679

Host 192.168.1.200 appears to be up.
MAC Address: 00:0C:29:6B:B2:29 (VMware)
Nmap run completed -- 1 IP address (1 host up) scanned in 0.639 seconds

root@pazwant:~# nmap -sP  -PS264   192.168.1.200 --packet_trace

Starting nmap 3.75 ( http://www.insecure.org/nmap/ ) at 2005-05-08 03:54 GMT+2
SENT (0.0280s) TCP 192.168.1.15:41434 > 192.168.1.200:264 S ttl=42 id=20575 iplen=40 seq=1024727070 win=3072
RCVD (0.0290s) TCP 192.168.1.200:264 > 192.168.1.15:41434 RA ttl=255 id=0 iplen=40 seq=1026828309 win=0 ack=1024727071
Host 192.168.1.200 appears to be up.
MAC Address: 00:0C:29:6B:B2:29 (VMware)
Nmap run completed -- 1 IP address (1 host up) scanned in 0.645 seconds