https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51449#M2011 <P>Was a TAC opened for this?&nbsp; I've seen this on previous firmwares about the same attack.</P> Sun, 21 Apr 2019 11:46:50 GMT Naftali_Oziel 2019-04-21T11:46:50Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51156#M1996 <P>During the tests for CPs WatchTower App, i found a most interesting entry in Statistics:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-inline" image-alt="IMG_2727.PNG" style="width: 562px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/877i60647E98E99B5A35/image-size/large?v=v2&amp;px=999" role="button" title="IMG_2727.PNG" alt="IMG_2727.PNG" /></span></P> <P>Who is responsible for this traffic ? In logs i could see that my iPhone, connected to SMB wireless, has sent the package to <SPAN class="x-tree-node-text ">LAN6 Switch</SPAN> where the Wireless network is defined. Why that ? Unclear RFC ?</P> <P>But we have exceptions ready:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="Exception.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/878iC4D5078566D5CD7A/image-size/large?v=v2&amp;px=999" role="button" title="Exception.png" alt="Exception.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>Since that was defined, no more Max Ping Size Attack has occured <span class="lia-unicode-emoji" title=":grinning_face:">😀</span> !</P> Wed, 17 Apr 2019 12:23:09 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51156#M1996 G_W_Albrecht 2019-04-17T12:23:09Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51338#M2000 I saw it on my own gateway as well, and I'm pretty sure I didn't do a large ping through it. <span class="lia-unicode-emoji" title=":grimacing_face:">😬</span><BR />Probably worth a TAC case. Fri, 19 Apr 2019 02:23:21 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51338#M2000 PhoneBoy 2019-04-19T02:23:21Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51374#M2002 <P>Same here.</P> Fri, 19 Apr 2019 17:52:41 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51374#M2002 Vladimir 2019-04-19T17:52:41Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51449#M2011 <P>Was a TAC opened for this?&nbsp; I've seen this on previous firmwares about the same attack.</P> Sun, 21 Apr 2019 11:46:50 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51449#M2011 Naftali_Oziel 2019-04-21T11:46:50Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51749#M2018 <P>I believe I've verified that one of my sites with this message receives these hits from a Samsung Mobile device. I feel like maybe Samsung tries to do some connectivity tests when on WiFi that CheckPoint doesn't like. Not sure if anyone else can see the same thing.</P> Wed, 24 Apr 2019 17:14:12 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51749#M2018 Aidan_Luby 2019-04-24T17:14:12Z https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51770#M2020 <P>Large ping to the default gateway is common in mobile devices.</P><P>Just bypass this protection from your wireless networks to the gateway.</P> Wed, 24 Apr 2019 19:27:24 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/SMB-IPS-Max-Ping-Size-Attack/m-p/51770#M2020 Pedro_Espindola 2019-04-24T19:27:24Z