This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
userLearnCP
Explorer
‎2022-11-16 11:27 AM
Jump to solution

Can Checkpoint 5200 PB-20 IPS can inspect Mysql packets?

Can Checkpoint 5200 PB-20 IPS assess the content from incoming packets for Mysql database server (port 3306)? If the packet is according to a real Mysql packet then this can be forwarded to the database server, otherwise it will be dropped. The idea is to avoid DDOS attacks by sending massive TCP connections to Mysql server by Telnet or another application.

0 Kudos
1 Solution

Accepted Solutions
PhoneBoy
Admin
Admin
‎2022-11-17 03:28 PM
In response to userLearnCP
Jump to solution

Review the IPS Protections for yourself to see what will be blocked.

85CFBAE2-AE6C-46E0-BF5B-656F9C02A4A6.jpeg

What is your precise definition of “massive TCP connections”?
If you’re concerned about that happening, you can use the ratelimiting functions. 
See: https://community.checkpoint.com/t5/General-Topics/R80-x-Performance-Tuning-Tip-DDoS-fw-sam-vs-fwacc...

View solution in original post

0 Kudos
4 Replies
PhoneBoy
Admin
Admin
‎2022-11-16 01:24 PM
Jump to solution

Yes, it can.
However, I’m curious why the concern about DDoS since a MySQL server should only be accessed from specific hosts, not generally accessible from the Internet.
While we can do some rate limiting and such if required, if you’re really concerned about DDoS, Check Point sells specific solutions for this.

0 Kudos
userLearnCP
Explorer
‎2022-11-16 02:31 PM
In response to PhoneBoy
Jump to solution

My suspect it's not about someone from outside but It's someone from inside who can execute it from these specific hosts even.

 

I have the following questions:

1) By customizing Threat Prevention with IPS would help in case of malformed mysql packets?

2) There is an option of 'IPS Protections' from SmartConsole. Can one of these protections match about the case I explained?

0 Kudos
PhoneBoy
Admin
Admin
‎2022-11-17 03:28 PM
In response to userLearnCP
Jump to solution

Review the IPS Protections for yourself to see what will be blocked.

85CFBAE2-AE6C-46E0-BF5B-656F9C02A4A6.jpeg

What is your precise definition of “massive TCP connections”?
If you’re concerned about that happening, you can use the ratelimiting functions. 
See: https://community.checkpoint.com/t5/General-Topics/R80-x-Performance-Tuning-Tip-DDoS-fw-sam-vs-fwacc...

0 Kudos
userLearnCP
Explorer
‎2022-11-18 11:57 AM
In response to PhoneBoy
Jump to solution

Thanks for the picture and the link.

What is your precise definition of “massive TCP connections”?

- I mean multiple TCP connections. I tried to mention it as a synonym. These connections are associated with packets.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    li.common.scroll-to.top