Iron

Finding bandwidth use by host in network to determine hosts infected with coinminer.

Hi everyone,

I suddenly see my bandwidth usage peak very high. After some analysis, I think my users are infected with a coinminer. These users don't have endpoint security, but they all access the Internet through a Check Point firewall. During working time, the bandwidth usage peaks very high, and when the users leave the office it goes back to normal; that's why I think the users' devices are infected with a coinminer. I want to find which host is using the most bandwidth in the network. I see a bandwidth report in Log > View, but when I click on it, it is just empty and no data is found. I also tried other reports, but it is just the same: 'no data found' or very little information, while there is a ton of logs.
Why are there so many logs but so little in the reports? Or can anyone please tell me if there is any other way to find a list of the top hosts using a lot of bandwidth in the network with a Check Point firewall?

Thanks

Accepted Solutions
Admin

Re: Finding bandwidth use by host in network to determine hosts infected with coinminer.

  • authentication attempts to identify possible intrusion attempts.

A Traffic view can be created to monitor the Traffic types listed in the following table.

| Traffic Type | Explanation |
|---|---|
| Services | Shows the current status view about Services used through the selected gateway. |
| IPs/Network Objects | Shows the current status view about active IPs/Network Objects through the selected gateway. |
| Security Rules | Shows the current status view about the most frequently used Firewall rules. The Name column in the legend states the rule number as previously configured in SmartConsole. |
| Interfaces | Shows the current status view about the Interfaces associated with the selected gateway. |
| Connections | Shows the current status view about current connections initiated through the selected gateway. |
| Tunnels | Shows the current status view about the Tunnels associated with the selected gateway and their usage. |
| Virtual Link | Shows the current traffic status view between two gateways (for example, Bandwidth, Bandwidth Loss, and Round Trip Time). |
| Packet Size Distribution | Shows the current status view about packets according to the size of the packets. |
| QoS | Shows the current traffic level for each QoS rule. |

https://sc1.checkpoint.com/documents/R80.20_GA/WebAdminGuides/EN/CP_R80.20_LoggingAndMonitoring_Admi...

Admin

Re: Finding bandwidth use by host in network to determine hosts infected with coinminer.

Which version are you running?

Iron

Re: Finding bandwidth use by host in network to determine hosts infected with coinminer.

Hi Val,

I'm running R80.20

Admin

Re: Finding bandwidth use by host in network to determine hosts infected with coinminer.

Look into Logging and Monitoring Admin Guide, under Traffic Monitoring. 
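
An added example, not part of the thread and not Check Point code: when the built-in reports show no data, one fallback is to rank hosts offline from the logs themselves, assuming they have been exported to a CSV file. The column names and sample rows are assumptions constructed for illustration; the function splits each host's bytes into working hours and off hours, which is the pattern described in the question, and reports each host's heaviest destination.

```python
import csv
import io
from collections import defaultdict
from datetime import datetime

# Constructed sample rows. Column names are assumptions for this example;
# rename them to match the header of the file you actually export.
SAMPLE_CSV = """time,src,dst,sent_bytes,received_bytes
2019-03-04 09:15:02,10.1.1.21,203.0.113.10,52000000,48000000
2019-03-04 10:40:11,10.1.1.21,203.0.113.10,61000000,57000000
2019-03-04 11:05:45,10.1.1.34,198.51.100.7,900000,4100000
2019-03-04 14:22:30,10.1.1.57,203.0.113.10,45000000,43000000
2019-03-04 20:10:09,10.1.1.34,198.51.100.7,300000,1200000
2019-03-04 22:31:50,10.1.1.99,192.0.2.25,150000,700000
"""


def top_talkers(csv_text, work_start=8, work_end=18, limit=10):
    """Return (src, work_bytes, off_bytes, top_dst) tuples, heaviest host first."""
    totals = defaultdict(lambda: {"work": 0, "off": 0, "dsts": defaultdict(int)})
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            when = datetime.strptime(row["time"], "%Y-%m-%d %H:%M:%S")
            src, dst = row["src"], row["dst"]
            nbytes = int(row["sent_bytes"] or 0) + int(row["received_bytes"] or 0)
        except (KeyError, ValueError, TypeError):
            continue  # skip malformed or incomplete rows instead of aborting
        bucket = "work" if work_start <= when.hour < work_end else "off"
        totals[src][bucket] += nbytes
        totals[src]["dsts"][dst] += nbytes
    ranked = []
    for src, t in totals.items():
        # The destination that received most of this host's traffic; several
        # internal hosts sharing one heavy destination is worth a closer look.
        top_dst = max(t["dsts"], key=t["dsts"].get)
        ranked.append((src, t["work"], t["off"], top_dst))
    ranked.sort(key=lambda r: r[1] + r[2], reverse=True)
    return ranked[:limit]


if __name__ == "__main__":
    print(f"{'source':<12}{'work MB':>10}{'off MB':>10}  top destination")
    for src, work, off, dst in top_talkers(SAMPLE_CSV):
        print(f"{src:<12}{work / 1e6:>10.1f}{off / 1e6:>10.1f}  {dst}")
```

Hosts whose traffic is concentrated in working hours and aimed at a single external destination are the ones to inspect first on the endpoint.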
