Vulnerability scan shows ports 18231 and 264 open under LISTEN mode when using TLS1.0 and TLS1.1 - reference CVE-2000-1201
Symptoms
  • Vulnerability scan may show issues with ports 18231 and 264 when using TLS1.0 and TLS1.1

  • The port scan (Nmap) may show port 18231 under listen mode when using low TLS versions, for example:

    PORT      STATE SERVICE
    18231/tcp open  unknown
      ssl-enum-ciphers: 
        TLSv1.0: 
          ciphers: 
            TLS_DH_anon_WITH_AES_128_CBC_SHA - F
            TLS_DH_anon_WITH_AES_256_CBC_SHA - F
          compressors: 
            NULL
          cipher preference: client
        TLSv1.1: 
          ciphers: 
            TLS_DH_anon_WITH_AES_128_CBC_SHA - F
            TLS_DH_anon_WITH_AES_256_CBC_SHA - F
    ...
    

  • Users can review if the port is under LISTEN mode with the following commands:

    [Expert@hostname:0]# netstat -tulnp |grep 18231
    
    Or
    [Expert@hostname:0]# netstat -atun |grep 18231
    
    The output is similar to the following:
    tcp 0 0 0.0.0.0:18231 0.0.0.0:* LISTEN 9456/dtpsd
    

  • Vulnerability scan on the gateway shows that we are vulnerable to CVE-2000-1201: Check Point FireWall-1 allows remote attackers to cause a denial of service (high CPU) via a flood of packets to port 264.
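
To triage these symptoms, the following added example (not Check Point code and not part of the original article) parses ssl-enum-ciphers text like the scan output above, flags TLS 1.0/1.1 and anonymous key-exchange suites, and pairs each port with the owning process from netstat. The function names and sample strings are assumptions constructed for illustration.

```python
import re
# Constructed sample input, modelled on the scan and netstat output in this article.
NMAP_SAMPLE = """\
PORT      STATE SERVICE
18231/tcp open  unknown
  ssl-enum-ciphers:
    TLSv1.0:
      ciphers:
        TLS_DH_anon_WITH_AES_128_CBC_SHA - F
        TLS_DH_anon_WITH_AES_256_CBC_SHA - F
    TLSv1.1:
      ciphers:
        TLS_DH_anon_WITH_AES_128_CBC_SHA - F
"""
NETSTAT_SAMPLE = "tcp 0 0 0.0.0.0:18231 0.0.0.0:* LISTEN 9456/dtpsd\n"
DEPRECATED = {"TLSv1.0", "TLSv1.1"}  # the "low TLS versions" of the scan (RFC 8996)

def parse_nmap(text):
    """Return {port: {tls_version: [(cipher, grade), ...]}} for open TCP ports."""
    result, port, version = {}, None, None
    for raw in text.splitlines():
        line = raw.strip().lstrip("|_ ")  # real Nmap output prefixes script lines with '|'
        if m := re.match(r"(\d+)/tcp\s+open", line):
            port, version = int(m.group(1)), None
            result[port] = {}
        elif port and (m := re.match(r"((?:SSL|TLS)v[\d.]+):$", line)):
            version = m.group(1)
            result[port][version] = []
        elif version and (m := re.match(r"((?:TLS|SSL)_\S+).*\s-\s([A-F])$", line)):
            result[port][version].append((m.group(1), m.group(2)))
    return result

def parse_listeners(text):
    """Return {port: process_name} for LISTEN sockets in `netstat -tulnp` output."""
    return {int(p): name for p, name in
            re.findall(r":(\d+)\s+\S+\s+LISTEN\s+\d+/(\S+)", text)}

def triage(nmap_text, netstat_text):
    """One finding per port/TLS version that is deprecated or offers anonymous key exchange."""
    owners, findings = parse_listeners(netstat_text), []
    for port, versions in parse_nmap(nmap_text).items():
        for version, ciphers in versions.items():
            anon = [name for name, _ in ciphers if "_anon_" in name]
            if version in DEPRECATED or anon:
                findings.append({"port": port, "process": owners.get(port, "unknown"),
                                 "version": version, "anon_ciphers": anon})
    return findings
```

Anonymous (`_anon_`) suites perform no server authentication, which is why the scan grades them F regardless of the AES key size.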

Cause

These ports were previously used by SecureClient and DTPSD to install the Desktop Security policy from the Policy Server (the DTPSD daemon) to SecureClient.

This feature is no longer used, so use of the service can be limited.

