This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
ESwisher
Employee Alumnus
Employee Alumnus
‎2020-01-11 07:38 PM

GoDaddy CRL Issues?

Running R80.30, and looking at my Logs to make sure rules are working correctly. I sorted by destination = my WAN IP for last 7 days.

In the Top Sources, I saw that a ton (33%) are from one IP:  72.167.18.237. They are all drops due to First packet isn't SYN. TCP Flags RST.

72.167.18.237 resolves to p3plpkivs-v01.any.prod.phx3.secureserver.net

After some more research, that IP also resolves to crl.godaddy.com

Looked at my Logs for destination = 72.167.18.237 and several times every minute, my Firewall (source = my WAN IP) is contacting 72.167.18.237 on http via Implied Rule 0.

I do have HTTPS Inspection enabled.

Is my Firewall trying to check the GoDaddy CRL and failing?

0 Kudos
1 Reply
FedericoMeiners
Advisor
‎2020-01-11 09:23 PM

Hello,
It may be a good idea to do a packet capture with tcpdump or the tool of your preference in order to see what is happening under the hood: Is the initial handshake finished? Is it failing at the TLS Handshake? How much time does the responses take? Are there tons of retransmissions from one side?

Hope it helps
____________
https://www.linkedin.com/in/federicomeiners/
0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events