Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
G_W_Albrecht
Legend
Legend

SMB IPS Max Ping Size Attack

During the tests for CPs WatchTower App, i found a most interesting entry in Statistics:

IMG_2727.PNG

Who is responsible for this traffic ? In logs i could see that my iPhone, connected to SMB wireless, has sent the package to LAN6 Switch where the Wireless network is defined. Why that ? Unclear RFC ?

But we have exceptions ready:

Exception.png

 

 

 

Since that was defined, no more Max Ping Size Attack has occured 😀 !

5 Replies
PhoneBoy
Admin
Admin

I saw it on my own gateway as well, and I'm pretty sure I didn't do a large ping through it. 😬
Probably worth a TAC case.
0 Kudos
Vladimir
Champion
Champion

Same here.

0 Kudos
Naftali_Oziel
Collaborator

Was a TAC opened for this?  I've seen this on previous firmwares about the same attack.

0 Kudos
Aidan_Luby
Collaborator

I believe I've verified that one of my sites with this message receives these hits from a Samsung Mobile device. I feel like maybe Samsung tries to do some connectivity tests when on WiFi that CheckPoint doesn't like. Not sure if anyone else can see the same thing.

0 Kudos
Pedro_Espindola
Advisor

Large ping to the default gateway is common in mobile devices.

Just bypass this protection from your wireless networks to the gateway.

0 Kudos