yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise

Telnet from inside Checkpoint firewall using awk script

Yesterday I saw a strange problem – a connection from outside to Exchange in a LAN times out, while in the SmartView Tracker logs all connections to port 25 are in green. The strange part was that through client-to-site VPN and from inside the LAN everything worked perfectly well. So I wasn’t 100% sure it wasn’t the Check Point firewall causing this. The next best way to check would be to telnet from inside the Check Point itself (R65 in this case) to port 25 on the Exchange by its LAN IP … only Checkpoint doesn’t include a telnet client in their Splat. If I had enough time I’d compile a telnet client statically on some Linux box with the same kernel/libraries and then copy it to the firewall for testing, but to do it ASAP I hacked a small AWK script that emulates telnet (just enough for a test). The scripts are below.

BTW this script made it 100% clear there was some problem with Exchange over which I had no control – from the firewall its port 25 answered very erratically – once OK, 10 times connection refused. So after a double check the client found that from LAN and VPN it also wasn’t as stable as he first thought.

 

General telnet client script in awk:

[Expert@cp]# awk -v ip=192.168.0.1 -v port=25 -f telnet.awk

Where:

  ip – IP to connect to

  port – port to connect to

#!/usr/bin/awk -f
# This is a simple telnet emulation script whose purpose
# is to try to connect to a given IP on a given port using TCP
# and print to the terminal the first line received from the server
# if the session is established. It has no functionality but to
# establish a TCP connection and print out received text from the
# server; after that it just exits. It was created to debug
# connectivity issues on a Checkpoint NGX firewall that has no
# built-in telnet client.
# Client (requires gawk: |& and /inet/tcp are gawk extensions)
     BEGIN {
       ("/inet/tcp/0/" ip "/" port) |& getline
       print $0
       close(("/inet/tcp/0/" ip "/" port))
     }

Next is the same script with an add-on for port 80 – to get some response from a web server:

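#!/usr/bin/awk -f
     BEGIN {
       Portandip = ("/inet/tcp/0/" ip "/" port)
       # HTTP/1.1 needs CRLF line endings and a Host header;
       # Connection: close makes the server hang up so the loop ends
       printf "GET / HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n", ip |& Portandip
       while ((Portandip |& getline) > 0)
           print $0
       close(Portandip)
     }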
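The test described above found port 25 answering erratically, which a single connection attempt can easily miss. As an added example (not part of the original post), this gawk script repeats the banner read and tallies the outcomes; the file name probe.awk and the count and delay variables are assumptions, and it assumes a service such as SMTP that sends a banner on connect.

```awk
#!/usr/bin/awk -f
# Added example, not the author's script: probe one TCP port repeatedly
# and tally the outcomes. Requires gawk (|& and /inet/tcp are gawk extensions).
# Usage (probe.awk, count and delay are hypothetical names):
#   awk -v ip=192.168.0.1 -v port=25 -v count=20 -v delay=1 -f probe.awk
BEGIN {
    if (ip == "" || port == "") {
        print "usage: awk -v ip=IP -v port=PORT [-v count=N] [-v delay=SEC] -f probe.awk" > "/dev/stderr"
        exit 2
    }
    count = (count == "") ? 10 : count + 0   # number of attempts
    delay = (delay == "") ? 1 : delay + 0    # seconds between attempts, forced numeric
    service = "/inet/tcp/0/" ip "/" port

    for (i = 1; i <= count; i++) {
        ERRNO = ""
        # getline returns 1 on a line read, 0 on EOF, -1 if the socket
        # could not be opened (for example, connection refused)
        rc = (service |& getline banner)
        if (rc > 0) {
            ok++
            sub(/\r$/, "", banner)           # SMTP banners end in CRLF
            result = "banner: " banner
        } else if (rc == 0) {
            empty++
            result = "connected, closed without sending data"
        } else {
            failed++
            result = "connect failed" (ERRNO != "" ? " (" ERRNO ")" : "")
        }
        printf "%2d/%d  %s\n", i, count, result
        close(service)                       # force a fresh connection next time
        if (i < count)
            system("sleep " delay)
    }

    printf "summary: %d banner, %d empty, %d failed of %d attempts\n", ok, empty, failed, count
    exit (failed + empty > 0)                # non-zero exit if any attempt was not clean
}
```

A healthy mail server should give a banner on every attempt; a mix of banners and failures from the firewall itself points at the server rather than the rulebase.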

 

PS Thanks to Aibulat (see comments) for the info: it turns out there is a telnet client available on the Splat CD-ROM. It is just not installed by default when installing Splat.



8 Comments

  1. Thanks this is very helpful.

    Great site….hope you have more updates.

    T.S

  2. There is telnet client in cd

    #expert
    #mount /mnt/cdrom
    #cd /mnt/cdrom/SecurePlatform/RPMS
    #rpm -i telnet-0.17*

  3. Thanks for the info, indeed there is a telnet client/server that doesn’t get installed by default.

  4. Nice Blog,

    saw Checkpoint has what they call “Add-On Utils”
    but only for Kernel 2.4

    has Telnet, Minicom and vixie-cron

    release notes : http://downloads.checkpoint.com/dc/download.htm?ID=3168

    -Somynona

  5. Thanks
    Probably R55 didn’t have telnet at all so this add-on. NGX have telnet/telnetd on Splat disk already available.

  6. getting below error
    awk: telnet.awk:11: (“/inet/tcp/0/” ip “/” port ) |& getline
    awk: telnet.awk:11: ^ parse error

  7. sorry error was
    awk: telnet.awk:11: (“/inet/tcp/0/” ip “/” port ) |& getline
    awk: telnet.awk:11: ^ parse error

  8. ^ Parse error showing on |&


© 2016 yurisk.info
