This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
michaela
Explorer
‎2019-11-21 04:56 PM

Submit a HTTP 200 Ok response from firewall

Not sure if the following rule be created on a Check Point firewall?

- Device on an internal network sends a request to an external URL (example.com)

- Firewall intercepts request to (example.com) and checks if requesting device is using a specific wireless SSID (examplessid)

- If (examplessid) is being used by the device, return a HTTP 200 Ok response to the device.

0 Kudos
3 Replies
PhoneBoy
Admin
Admin
‎2019-11-22 08:17 PM

Not sure I understand what the end goal is here, can you elaborate?
Note that SSID is not something we'll see unless we're talking about an SMB appliance that is actually serving the SSID itself.
0 Kudos
Nick_Doropoulos
Advisor
‎2019-11-23 12:11 PM

Hello,

I'm afraid that not even an intercepting proxy would get the information you are looking for. That is not information exchanged in HTTP communication.

You can however view SSIDs by capturing traffic on the firewall's appropriate interface (the one that belongs to the same broadcast domain as the client) and then view it on Wireshark.

Feel free to clarify what you intend to do so we can help you more.

I hope this helps.

 

0 Kudos
Ryan_Ryan
Advisor
‎2019-11-24 04:50 PM

Would checking the source subnet be good enough rather than SSID. I can't think of any reason how someone would end up in the subnet without being on that specific SSID.

 

as for tampering/injecting responses, I don't think a firewall is the right tool for that job. What you could do is create a NAT rule that says 

src: (WLAN subnet)

destination: 1.1.1.1 (whatever the example domain is)

xlate destination: 192.168.1.1 (a webserver you host or on the Internet that will always respsond with 200 Ok.

 

Then if the user is not on the correct SSID they wont match the NAT rule.

 

 

 

 

 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events