This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
VikingsFan
Advisor
Thursday
Jump to solution

Autonomous System Number Updatable Object?

Have a need come up where it would be useful to be able to import an AS Number that gets updated automatically.  A specific AS number is just sending us garbage constantly and we want to block all 200,000+ IPs from it.  Wasn't sure if there was anything that I missed for doing that?

For now, I'm scraping all the subnets from a place like https://www.ip2location.com/ and putting them in a network feed flat file.  It should work but it's not dynamic.

Thanks!

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
Thursday
Jump to solution

You can refer to a specific AS with fwaccel dos and effectively block the traffic: https://support.checkpoint.com/results/sk/sk112454 
Not sure there is an Updatable Object with this information, unfortunately.

View solution in original post

3 Replies
PhoneBoy
Admin
Admin
Thursday
Jump to solution

You can refer to a specific AS with fwaccel dos and effectively block the traffic: https://support.checkpoint.com/results/sk/sk112454 
Not sure there is an Updatable Object with this information, unfortunately.

VikingsFan
Advisor
Thursday
In response to PhoneBoy
Jump to solution

Ah, very cool; will look into it.  I assume this traffic won't be visible in the Smart Console logs and is handled at a lower level?

I don't understand this section in the SK you linked to though.  Does this mean I can drop traffic, just not rate limit it?

  • SecureXL Rate Limiting rules for DoS Mitigation do not support these parameters (Known Limitation PMTR-87460):
    • cc:<COUNTRY_CODE>
    • asn:<AUTONOMOUS_SYSTEM_NUMBER>
0 Kudos
PhoneBoy
Admin
Admin
Thursday
In response to VikingsFan
Jump to solution

It's handled in SecureXL and I believe you can also have it generate logs in SmartConsole.
Believe the limitation only applies to actual rate limiting rules as opposed to drop ones.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events