unavita
Explorer

DOS traffic from External IP going port 18264 (Implied Rule)

Hello Mates,

I'm new to Checkpoint, so please bear with me.

I noticed an alert for high traffic (potential DoS) in our SIEM coming from an external IP to our public-facing server via port 18264. I’m curious why this traffic is allowed. After some research, I found that this port might be governed by an implied rule, meaning the traffic is permitted by default, and some sources advise against blocking it.

My questions are:

  • Could this traffic have any negative impact on our server?
  • Is port 18264 vulnerable to exploitation?
0 Kudos
2 Replies
_Val_
Admin

Quoting from sk52421

 

| Protocol | Port number | Service Name and Comment | Usage |
|---|---|---|---|
| Infrastructure | | | |
| TCP | 18264 | FW1_ica_services - Check Point Internal CA Fetch CRL and User Registration Services | Connections to Management Server for Certificate Revocation Lists (CRLs) and registering users when using the Endpoint Policy Server (for Endpoint Security clients) |

 

See which destinations are listed for this traffic. In a large environment, with many endpoint clients, it is possible that there is a lot of chatter on this port.

0 Kudos
unavita
Explorer

Thanks mate. Appreciate it.

0 Kudos
