Hello Mates,
I'm new to Check Point, so please bear with me.
I noticed an alert for high traffic (potential DoS) in our SIEM coming from an external IP to our public-facing server via port 18264. I’m curious why this traffic is allowed. After some research, I found that this port might be governed by an implied rule, meaning the traffic is permitted by default, and some sources advise against blocking it.
My questions are:
- Could this traffic have any negative impact on our server?
- Is port 18264 vulnerable to exploitation?