
How to Identify DDoS attack on Check Point Gear

5 Comments
Shay_Levin
Admin

@matanbd This is an awesome document! Everyone should read it.

For those of you who don't know Matan, he is one of the most talented Check Point incident response team members.

So, if you are in trouble, Matan is definitely your guy.

Matthias_Kring
Contributor

With 80.30, the "timestamp" in cpview -t seems to be unavailable (sk101878). Instead, it starts at the beginning of history, and you have to move forward in "minute steps".

That's not nice.

matanbd
Employee Alumnus

@Matthias_Kring Hi Matthias,

Thanks for letting me know about this.

It looks like the design has been changed since R80.30 in CPView history mode, and sk163804 describes the change:

    1. Run the 'cpview -t' command.
    2. In CPView history, type t.
    3. Specify the desired date and time.

I will add this info to the post itself.

BR
Matan

pahanadmin
Explorer

Great, what about SMB devices?

jfran3
Participant

Is there any guidance for detecting this using only the SmartConnect interface? So if we have analysts who don't have access to run cpview for instance?