yurisk.info

Yuri Slobodyanyuk's blog on IT Security and Networking sharing experience and expertise


Telnet from inside Checkpoint firewall

Yesterday I saw a strange problem: connections from outside to an Exchange server in a LAN timed out, while in Tracker all connections to port 25 showed green. Stranger still, through client-to-site VPN and from inside the LAN everything worked perfectly well, so I wasn't 100% sure the firewall wasn't causing this. The next best way to check would be to telnet from inside NGX (R65 in this case) to port 25 on the Exchange by its LAN IP … only Checkpoint doesn't include a telnet client in Splat. If I had enough time I'd compile a telnet client statically on some Linux box with the same kernel/libraries and then copy it to the NGX for testing, but to do it ASAP I hacked a small AWK script that emulates telnet (just enough for a test). The scripts are below.

BTW this script made it 100% clear there was a problem with Exchange over which I had no control: from the firewall its port 25 answered very erratically, once OK, ten times connection refused. After a double check the client found that from the LAN and VPN it also wasn't as stable as he first thought.

General telnet client script :

[Expert@cp]# awk -v ip=192.168.0.1 -v port=25 -f telnet.awk

Where:

  ip – IP to connect to
  port – port to connect to

#!/usr/bin/awk -f
# This is a simple telnet emulation script whose purpose is to try to
# connect to a given IP on a given port using TCP and print to the
# terminal the few lines received from the server if the session is
# established. It has no functionality beyond establishing a TCP
# connection and printing out the text received from the server;
# after that it just exits. It was created to debug connectivity
# issues on a Checkpoint NGX firewall that has no built-in telnet client.
# Note: the /inet/tcp/... special file and the |& coprocess operator
# are gawk extensions, so run it with gawk (the awk on Splat is gawk).
# Client
BEGIN {
    service = "/inet/tcp/0/" ip "/" port   # ip and port come from -v on the command line
    if ((service |& getline) > 0)          # read the first line the server sends (e.g. the SMTP banner)
        print $0
    else
        print "no data received from " ip ":" port " (connection failed or server silent)"
    close(service)
}

Next is the same script with an add-on for port 80, to get some response from a web server:

#!/usr/bin/awk -f
# Same client with an add-on for port 80: send a minimal request so
# the web server has something to answer, then print every line it
# returns until it closes the connection.
BEGIN {
    Portandip = "/inet/tcp/0/" ip "/" port
    # HTTP/1.0 needs no Host header; the blank line (CRLF CRLF) ends the request
    print "GET / HTTP/1.0\r\n\r\n" |& Portandip
    while ((Portandip |& getline) > 0)
        print $0
    close(Portandip)
}
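The same check the awk scripts perform, written here in Python as an added example (it is not code from the original post). It connects, reads whatever the server volunteers, hangs up, and classifies the outcome as open, refused or timeout; repeating it ten times makes an erratic service like the Exchange port described above show up as a mix of outcomes instead of a single lucky or unlucky result. The banner server, the hostname in the banner and the helper names are constructed for this example so it runs offline.

```python
import socket
import threading
from collections import Counter

# Constructed SMTP-style banner for the local test listener (not a real mail server).
BANNER = b"220 mail.example.test ESMTP ready\r\n"


def start_banner_server(banner=BANNER):
    """Start a throwaway TCP listener on 127.0.0.1 that sends a banner and closes.

    Returns (port, stop_function). It exists only so the example runs offline.
    """
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(16)
    srv.settimeout(0.2)
    stop = threading.Event()

    def serve():
        while not stop.is_set():
            try:
                conn, _ = srv.accept()
            except socket.timeout:
                continue
            with conn:
                conn.sendall(banner)
        srv.close()

    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()[1], stop.set


def closed_local_port():
    """Pick a port on 127.0.0.1 that nothing listens on (bind, read it back, release)."""
    tmp = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    tmp.bind(("127.0.0.1", 0))
    port = tmp.getsockname()[1]
    tmp.close()
    return port


def probe(ip, port, timeout=2.0, read_bytes=256):
    """Mimic the awk script: connect, read what the server sends first, hang up.

    Returns (outcome, text) with outcome one of 'open', 'refused', 'timeout', 'error'.
    """
    try:
        with socket.create_connection((ip, port), timeout=timeout) as s:
            s.settimeout(timeout)
            try:
                data = s.recv(read_bytes)
            except socket.timeout:
                data = b""  # connected, but the server sent nothing within the timeout
            return "open", data.decode("ascii", "replace").strip()
    except ConnectionRefusedError:
        return "refused", ""   # host reachable, nothing listening (or a RST from a filter)
    except socket.timeout:
        return "timeout", ""   # SYN dropped on the way, or the host is down
    except OSError as exc:
        return "error", str(exc)


def probe_many(ip, port, attempts=10, **kw):
    """Repeat the probe; an erratic service shows up as a mix of outcomes."""
    return Counter(probe(ip, port, **kw)[0] for _ in range(attempts))


if __name__ == "__main__":
    port, stop = start_banner_server()
    print("open port   :", probe("127.0.0.1", port))
    print("closed port :", probe("127.0.0.1", closed_local_port()))
    print("10 attempts :", dict(probe_many("127.0.0.1", port)))
    stop()
```

Against a real target, run it as `probe_many("192.168.0.1", 25)` from the box doing the testing; a result like `{'open': 1, 'refused': 9}` is the "once OK, ten times connection refused" pattern from the post, and `timeout` rather than `refused` is the hint that something in between is dropping the SYN.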

 

PS Thanks to Aibulat (see comments) for the info: turns out there is a telnet client available on the Splat CD-ROM. It is just not installed by default when installing Splat.

Esafe defaults and some debug commands

As any other box, eSafe comes with some default configs; much to my surprise it takes too long to find them in the eSafe docs, so here they are:

eConsole TCP port: 43970
eConsole UDP port: 43982
Webmin TCP port: 37233 – https to eSafe when installed on Linux (https://ip_address_of_esafe:37233) [the last eSafe to support Windows was eSafe 6 FR2]

default username: root
default password: kn1TG7psLu
Webmin username: admin
Webmin password: esafe
eConsole default username: admin
eConsole default password: none, you will be asked to set one on first login or during Webmin configuration

————————————————————————–

Product configuration file:
/opt/eSafe/eSafeCR/esafecfg.ini

Nitroinspection configuration file:
/opt/eSafe/esafenipca.ini

eSafe machine configuration file:
/opt/eSafe/esafe.ini

eSafe Applifilter configuration file:
/opt/eSafe/eSafeCR/applifilter2.ini

 ————————————————————————–

Spool directory:
/opt/eSafe/eSafeCR/SPOOL/

Advanced antispam and URL filtering (Cobion) database directory:
/var/esafe/ofdb/

Session log files:
/opt/eSafe/eSafeCR/SessionLog/

Machine logs (when debug mode is enabled, logs get written here):
/var/esafe/log/eSafeCR

Debugging procedure. It is quite a standard procedure and, provided the load on the machine permits (High debug mode loads the machine a lot!), it may shorten the troubleshooting time when opening a ticket with Aladdin.
You need to re-create the problem first at high debug level. You can do it with eConsole: Options > Troubleshooting… > Clear Log Files > choose High troubleshooting level > re-create the problem > choose "Off" to turn the troubleshooting level off.

How to create support file:

cd /opt/eSafe
./esafeinf
Collecting eSafe info and log files, Please wait …

Information successfully logged in
/var/log/1004562_xxxxxxx3430esglog.tar.gz.

or:

enter Webmin (https://ip_address_of_esafe:37233) > Support > Create and download eSafe Support Info file
————————————————————————–

eSafe machine configuration script (the script has the same functionality as Webmin):

cd /opt/eSafe
./esgmenu

find quickly

A few find templates I find useful in day-to-day work.

The ones below were a great help when I had to clean an eSafe box that had more
than 100,000 files in the spool! The usual shell wild-card expansion didn't work
(try doing ls in a folder with 130,000 files 😉), so I removed files
by date, one day's worth (files created in the last 24 hours) per remove.

find . -mtime 0 -exec rm -f {} \;   # remove files modified within the past 24 hours
find . -mtime 0    # find files created/modified within the past 24 hours (age rounded down to 0 whole days)
find . -mtime -1   # the same selection: age less than 1 whole day, i.e. within the past 0 - 24 hours
find . -mtime 1    # find files modified between 24 and 48 hours ago
find . -mtime +1   # find files modified more than 48 hours ago
find . -mmin +3 -mmin -10   # find files modified between 4 and 9 minutes ago
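The -mtime arithmetic above is the part people get wrong, so here is the same selection implemented in Python as an added example (not code from the original post): the file's age is rounded down to whole days before `N`, `-N` and `+N` are compared, which is why `-mtime 0` and `-mtime -1` pick the same files and `-mtime 1` means 24 to 48 hours ago. It also streams the directory with os.scandir instead of a shell glob, the problem the post hit with 130,000 spool files. The sample spool, its file names and the helper names are constructed for this example.

```python
import os
import tempfile
import time

DAY = 24 * 3600


def age_in_days(path, now=None):
    """Age of a file in whole days, rounded DOWN, which is how find's -mtime counts:
    a file modified 30 hours ago has age 1, one modified 23 hours ago has age 0."""
    now = time.time() if now is None else now
    return int((now - os.stat(path).st_mtime) // DAY)


def matches_mtime(path, spec, now=None):
    """Evaluate a find(1)-style -mtime argument:
    'N' means exactly N whole days, '-N' less than N, '+N' more than N."""
    age = age_in_days(path, now)
    n = int(spec.lstrip("+-"))
    if spec.startswith("+"):
        return age > n
    if spec.startswith("-"):
        return age < n
    return age == n


def select_by_mtime(directory, spec, now=None):
    """Stream the directory with os.scandir instead of expanding a shell glob,
    so a spool with 130,000 entries does not blow up the argument list."""
    return sorted(e.name for e in os.scandir(directory)
                  if e.is_file() and matches_mtime(e.path, spec, now))


def remove_by_mtime(directory, spec, now=None, dry_run=True):
    """Equivalent of `find DIR -mtime SPEC -exec rm -f {} \\;`.
    With dry_run=True (the default) it only returns what would be removed."""
    victims = select_by_mtime(directory, spec, now)
    if not dry_run:
        for name in victims:
            os.remove(os.path.join(directory, name))
    return victims


def make_sample_spool():
    """Constructed sample data: three files aged 1h, 30h and 60h in a temp dir.
    Returns (directory, reference_time) so the ages stay fixed during the run."""
    d = tempfile.mkdtemp(prefix="spool-sample-")
    now = time.time()
    for name, hours in (("fresh.msg", 1), ("yesterday.msg", 30), ("old.msg", 60)):
        p = os.path.join(d, name)
        with open(p, "w"):
            pass
        stamp = now - hours * 3600
        os.utime(p, (stamp, stamp))
    return d, now


if __name__ == "__main__":
    d, now = make_sample_spool()
    for spec in ("0", "-1", "1", "+1"):
        print(f"-mtime {spec:>2}: {select_by_mtime(d, spec, now)}")
    print("dry run of -mtime 0 removal:", remove_by_mtime(d, "0", now))
```

The dry-run default is deliberate: on a spool that size you want to see the list once before the equivalent of `-exec rm -f` runs.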

The default between clauses is a logical AND.
NB the -regex switch to find looks for a complete match (the expression must match the whole path, not a substring)!
Finding by permission pattern and then removing:
Find files that have at LEAST the following permissions set:
find . -type f -perm -0750 -exec rm -f {} \;
Find files with ANY of the permission bits set (newer GNU find spells this -perm /0750):
find . -type f -perm +0750 -exec rm -f {} \;
and finally find files with a pattern EXACTLY matching:
find . -type f -perm 0750 -exec rm -f {} \;
Find by UID, file type and size:
find . -type f -uid 0 -size +2k -exec ls -l {} \;
modifiers to the size switch: b (512-byte blocks) w (2-byte words) k (kibibytes) c (bytes)
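The three -perm forms and the -size units are easier to trust once you have seen them evaluated, so here is an added Python example (not code from the original post) that applies find's rules to a constructed directory listing: `-MODE` requires all of the bits, `/MODE` (the old `+MODE`) any of them, a bare `MODE` an exact match, and -size rounds the file size up to whole units before comparing, so `-size 2k` is 1025 to 2048 bytes and `+2k` is strictly more than 2048. The listing, file names and helper names are constructed for this example.

```python
import stat

# Unit multipliers accepted by find's -size: c bytes, w 2-byte words,
# b 512-byte blocks (also the default with no suffix), k kibibytes;
# GNU find additionally accepts M and G.
SIZE_UNITS = {"c": 1, "w": 2, "b": 512, "k": 1024, "M": 1024 ** 2, "G": 1024 ** 3}


def _compare(value, number):
    """Shared '+N' (more than), '-N' (less than), 'N' (exactly) logic."""
    n = int(number.lstrip("+-"))
    if number.startswith("+"):
        return value > n
    if number.startswith("-"):
        return value < n
    return value == n


def perm_matches(mode, spec):
    """find(1)-style -perm test on a st_mode value:
    '-MODE'  all of the bits in MODE are set (at least these permissions),
    '/MODE'  any of the bits in MODE is set (old GNU spelling: '+MODE'),
    'MODE'   the permission bits match exactly."""
    bits = stat.S_IMODE(mode)
    if spec[0] == "-":
        want = int(spec[1:], 8)
        return bits & want == want
    if spec[0] in "/+":
        want = int(spec[1:], 8)
        return bits & want != 0
    return bits == int(spec, 8)


def size_matches(nbytes, spec):
    """find(1)-style -size test: the size is rounded UP to whole units first."""
    unit = SIZE_UNITS.get(spec[-1])
    if unit is None:               # no suffix: 512-byte blocks
        unit, number = 512, spec
    else:
        number = spec[:-1]
    units = -(-nbytes // unit)     # ceiling division
    return _compare(units, number)


def find_files(entries, perm=None, size=None, uid=None):
    """Filter (name, st_mode, size_in_bytes, uid) tuples like
    `find . -type f -perm PERM -size SIZE -uid UID`; clauses are ANDed as in find."""
    out = []
    for name, mode, nbytes, owner in entries:
        if not stat.S_ISREG(mode):          # -type f
            continue
        if perm is not None and not perm_matches(mode, perm):
            continue
        if size is not None and not size_matches(nbytes, size):
            continue
        if uid is not None and owner != uid:
            continue
        out.append(name)
    return out


# Constructed sample listing: (name, st_mode, size in bytes, uid)
SAMPLE = [
    ("deploy.sh",  stat.S_IFREG | 0o750, 3000, 0),
    ("public.sh",  stat.S_IFREG | 0o755, 4096, 0),
    ("notes.txt",  stat.S_IFREG | 0o640,  900, 1000),
    ("secret.key", stat.S_IFREG | 0o600, 2049, 0),
    ("bin",        stat.S_IFDIR | 0o755, 4096, 0),
]

if __name__ == "__main__":
    for spec in ("-0750", "/0750", "0750"):
        print(f"-perm {spec:>5}:", find_files(SAMPLE, perm=spec))
    print("-uid 0 -size +2k:", find_files(SAMPLE, uid=0, size="+2k"))
```

Note how `/0750` also returns notes.txt and secret.key: any single bit in common is enough, which is why the "any" form is rarely what you want in front of `-exec rm -f`.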


© 2016 yurisk.info
