Kaspars_Zibarts
Employee

FQDN objects allowing non-relevant IP addresses in R80.40 T78

I'm not too sure if it is also relevant to non-VSX gateways, but if you are running R80.40 and using FQDN I would suggest checking it straight away.

Say I created a rule that uses FQDN as a destination that should resolve to one IP only:

updates.checkpoint.com - 104.121.238.27

But domains_tools shows me 20(!) extra IP addresses associated with this FQDN:

[Screenshot: image.png]

And my test rule confirms that the "real" IP and "fake" IPs are accepted by the rule:

[Screenshot: 2020-10-28_21-27-17.jpg]

So basically we have no trust in any of the FQDN-based rules right now in R80.40 - it can be open to anything!

Really worried now as I checked some other FQDN objects and they were even worse with 50+ IPs associated with them instead of 1 😱

 

15 Replies