topic 1550 hosts encountered an exploit attempt in Spark Firewall (SMB) https://community.checkpoint.com/t5/Spark-Firewall-SMB/1550-hosts-encountered-an-exploit-attempt/m-p/69391#M2680 <P>CheckPoint SmartView is a good tool for log reviews with its templates like Attacks Allowed by Policy. During IPS profile testing on the 1550 - you had to limit IPS protections in a special SMB profile with the older Embedded GAiA models while 1550 / R80.20 now has a TP policy like all GAiA GWs do - i also used&nbsp;SmartView. This gave me an odd encounter i would not have expected:&nbsp;hosts encountered an exploit attempt ! Have a look:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="list.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3512iB1ABD757A6D6B0C6/image-size/large?v=v2&amp;px=999" role="button" title="list.png" alt="list.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The 1550 FifteenFifty&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span>&nbsp;is managed by SMS7520&nbsp;<span class="lia-unicode-emoji" title=":upside_down_face:">🙃</span> and set to send Security &nbsp;Logs and Syslog there. Seems not to be easy with Syslog, though:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="card.png" style="width: 497px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3514iF4E25C38ED32DC7B/image-size/large?v=v2&amp;px=999" role="button" title="card.png" alt="card.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Matthaeus 5:30:</STRONG></P> <P><SPAN><STRONG>And if thy right hand offend thee, cut it off, and cast <I>it</I> from thee</STRONG>&nbsp;8)</img></SPAN></P> Thu, 05 Dec 2019 08:51:18 GMT G_W_Albrecht 2019-12-05T08:51:18Z 1550 hosts encountered an exploit attempt https://community.checkpoint.com/t5/Spark-Firewall-SMB/1550-hosts-encountered-an-exploit-attempt/m-p/69391#M2680 <P>CheckPoint SmartView is a good tool for log reviews with its templates like Attacks Allowed by Policy. During IPS profile testing on the 1550 - you had to limit IPS protections in a special SMB profile with the older Embedded GAiA models while 1550 / R80.20 now has a TP policy like all GAiA GWs do - i also used&nbsp;SmartView. This gave me an odd encounter i would not have expected:&nbsp;hosts encountered an exploit attempt ! Have a look:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="list.png" style="width: 999px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3512iB1ABD757A6D6B0C6/image-size/large?v=v2&amp;px=999" role="button" title="list.png" alt="list.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>The 1550 FifteenFifty&nbsp;<span class="lia-unicode-emoji" title=":smiling_face_with_smiling_eyes:">😊</span>&nbsp;is managed by SMS7520&nbsp;<span class="lia-unicode-emoji" title=":upside_down_face:">🙃</span> and set to send Security &nbsp;Logs and Syslog there. Seems not to be easy with Syslog, though:</P> <P><span class="lia-inline-image-display-wrapper lia-image-align-left" image-alt="card.png" style="width: 497px;"><img src="https://community.checkpoint.com/t5/image/serverpage/image-id/3514iF4E25C38ED32DC7B/image-size/large?v=v2&amp;px=999" role="button" title="card.png" alt="card.png" /></span></P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P><STRONG>Matthaeus 5:30:</STRONG></P> <P><SPAN><STRONG>And if thy right hand offend thee, cut it off, and cast <I>it</I> from thee</STRONG>&nbsp;8)</img></SPAN></P> Thu, 05 Dec 2019 08:51:18 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/1550-hosts-encountered-an-exploit-attempt/m-p/69391#M2680 G_W_Albrecht 2019-12-05T08:51:18Z 1550 hosts encountered an exploit attempt https://community.checkpoint.com/t5/Spark-Firewall-SMB/1550-hosts-encountered-an-exploit-attempt/m-p/75723#M3074 <P>Now these messages have vanished from SmartView...</P> Wed, 19 Feb 2020 11:20:40 GMT https://community.checkpoint.com/t5/Spark-Firewall-SMB/1550-hosts-encountered-an-exploit-attempt/m-p/75723#M3074 G_W_Albrecht 2020-02-19T11:20:40Z