Create a Post
Showing results for 
Search instead for 
Did you mean: 

How to Identify DDoS attack on Check Point Gear

What is a DDoS Attack?

A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up with highway, preventing regular traffic from arriving at its desired destination.

What is the difference between DoS and DDoS?

Well, nothing except the fact that in DDoS attack the incoming traffic flooding the victim originates from many different sources.
This effectively makes it harder to stop the attack because we cannot simply block a single source.

How Attackers usually launch a DDoS attack

They build an army!
Army of botnets around the wo

TO READ THE FULL POST it's simple and free

@matanbd This is an awesome document!  Everyone should read it.

For those of you who don't know Matan, he is one of the most talented Check Point incident response team member.

So, if you are in trouble, Matan is definitely your guy.






With 80.30, the "timestamp" in cpview -t seems to be unavailable (sk101878). Instead, it starts at the beginning of history, and you have to move forward in "minute steps".

That's not nice.

Employee Alumnus
Employee Alumnus

@Matthias_Kring Hi Matthias,

thanks for letting me know about this.

it looks like the design has been changed since R80.30 in CPView history mode and sk163804 describe the change:

    1. Run the 'cpview -t' command.
    2. In CPView history, type t.
    3. Specify the desired date and time. 


i will add this info to the post itself.



Great,what about SMB devices..