
SMB IPS Max Ping Size Attack

During the tests for CP's WatchTower App, I found a most interesting entry in Statistics:

IMG_2727.PNG

Who is responsible for this traffic? In logs I could see that my iPhone, connected to SMB wireless, has sent the package to LAN6 Switch where the Wireless network is defined. Why that? Unclear RFC?

But we have exceptions ready:

Exception.png
Since that was defined, no more Max Ping Size Attack has occurred 😀!

5 Replies
Admin

Re: SMB IPS Max Ping Size Attack

I saw it on my own gateway as well, and I'm pretty sure I didn't do a large ping through it. 😬
Probably worth a TAC case.
0 Kudos
Pearl

Re: SMB IPS Max Ping Size Attack

Same here.

0 Kudos

Re: SMB IPS Max Ping Size Attack

Was a TAC opened for this? I've seen this on previous firmwares about the same attack.

0 Kudos
Copper

Re: SMB IPS Max Ping Size Attack

I believe I've verified that one of my sites with this message receives these hits from a Samsung Mobile device. I feel like maybe Samsung tries to do some connectivity tests when on WiFi that CheckPoint doesn't like. Not sure if anyone else can see the same thing.

0 Kudos

Re: SMB IPS Max Ping Size Attack

Large ping to the default gateway is common in mobile devices.

Just bypass this protection from your wireless networks to the gateway.

0 Kudos