userLearnCP
Explorer

Can Check Point 5200 PB-20 IPS inspect MySQL packets?

Can the Check Point 5200 PB-20 IPS assess the content of incoming packets for a MySQL database server (port 3306)? If the packet conforms to a real MySQL packet, then it can be forwarded to the database server; otherwise it will be dropped. The idea is to avoid DDoS attacks by sending massive TCP connections to the MySQL server by Telnet or another application.

0 Kudos
4 Replies
PhoneBoy
Admin

Yes, it can.
However, I’m curious why the concern about DDoS since a MySQL server should only be accessed from specific hosts, not generally accessible from the Internet.
While we can do some rate limiting and such if required, if you’re really concerned about DDoS, Check Point sells specific solutions for this.

0 Kudos
(1)
userLearnCP
Explorer

My suspicion is that it's not someone from outside, but someone from inside who can execute it, even from these specific hosts.

I have the following questions:

1) Would customizing Threat Prevention with IPS help in the case of malformed MySQL packets?

2) There is an 'IPS Protections' option in SmartConsole. Can one of these protections match the case I explained?

0 Kudos
PhoneBoy
Admin

Review the IPS Protections for yourself to see what will be blocked.

[Attached image: 85CFBAE2-AE6C-46E0-BF5B-656F9C02A4A6.jpeg]

What is your precise definition of “massive TCP connections”?
If you’re concerned about that happening, you can use the rate limiting functions.
See: https://community.checkpoint.com/t5/General-Topics/R80-x-Performance-Tuning-Tip-DDoS-fw-sam-vs-fwacc...

0 Kudos
(1)
userLearnCP
Explorer

Thanks for the picture and the link.

What is your precise definition of “massive TCP connections”?

- I mean multiple TCP connections. I tried to mention it as a synonym. These connections are associated with packets.

0 Kudos
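
As an illustration of what checking for "a real MySQL packet" involves, the sketch below validates the first packet a client sends after the server greeting. It is an added example, not code from this thread or from Check Point, and it does not describe how Check Point IPS works internally; the function names, the sample user name and the choice to reject pre-4.1 clients are assumptions. Because the MySQL server speaks first, a client that connects and sends nothing never reaches this check, which is why connection rate limiting is still needed alongside it.

```python
import struct

CLIENT_PROTOCOL_41 = 0x0200   # capability bit every 4.1+ client sets
CLIENT_SSL = 0x0800           # client wants TLS before authenticating
FIXED_PREFIX = 32             # caps(4) + max packet(4) + charset(1) + filler(23)


def frame(payload: bytes, seq: int) -> bytes:
    """MySQL packet header: 3-byte little-endian length, 1-byte sequence id."""
    return len(payload).to_bytes(3, "little") + bytes([seq]) + payload


def check_first_client_packet(data: bytes) -> str:
    """Classify the first client packet; assumes `data` is one reassembled packet."""
    if len(data) < 4:
        return "invalid: shorter than packet header"
    length, seq, payload = int.from_bytes(data[:3], "little"), data[3], data[4:]
    if seq != 1:                      # server greeting is 0, first reply must be 1
        return "invalid: sequence id is not 1"
    if length != len(payload):
        return "invalid: length field does not match payload"
    if length < FIXED_PREFIX:
        return "invalid: payload shorter than fixed prefix"
    caps, _max_packet, _charset = struct.unpack_from("<IIB", payload)
    if not caps & CLIENT_PROTOCOL_41:  # assumption: pre-4.1 clients are rejected
        return "invalid: CLIENT_PROTOCOL_41 not set"
    if payload[9:FIXED_PREFIX] != bytes(23):
        return "invalid: filler is not zero"
    if length == FIXED_PREFIX:         # SSLRequest carries no username
        return "ssl_request" if caps & CLIENT_SSL else "invalid: no username"
    if b"\x00" not in payload[FIXED_PREFIX:]:
        return "invalid: username not NUL-terminated"
    return "handshake_response"


def constructed_samples() -> dict:
    """Constructed inputs: a login, a TLS request, and text typed into telnet."""
    prefix = lambda caps: struct.pack("<IIB", caps, 1 << 24, 33) + bytes(23)
    login = prefix(CLIENT_PROTOCOL_41 | 0x0001) + b"app_user\x00" + b"\x00"
    return {
        "login": frame(login, 1),
        "tls": frame(prefix(CLIENT_PROTOCOL_41 | CLIENT_SSL), 1),
        "telnet": b"hello\r\n",
        "bad_length": frame(login, 1) + b"junk",
    }


if __name__ == "__main__":
    for name, raw in constructed_samples().items():
        print(f"{name:10} -> {check_first_client_packet(raw)}")
```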
