This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Antonis_Hassiot
Contributor
‎2020-10-13 07:50 AM

Problem with fetching Malicious IP feeds using sk103154

Hi,

Trying to block incoming traffic from Malicious IPs using: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut...

This is Section [3]  How to block traffic from custom IP feeds (managed from Management Server)

It seems to work ok for: https://secureupdates.checkpoint.com/IP-list/TOR.txt as I can see the following output on the Gateway:

 

operation=add uid=<5f85babb,000005d7,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.165 pkt-rate=0 req_type=quota
operation=add uid=<5f85babb,000005d9,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:199.249.230.167 pkt-rate=0 req_type=quota
operation=add uid=<5f85babb,000005da,f102020a,0000132f> target=all timeout=3575 action=drop log=log comment=threatcloud_ip_block service=any source=range:158.69.63.54 pkt-rate=0 req_type=quota

when issuing:  fw samp get | grep threatcloud_ip_block

Subsequently I have tried adding other feeds in there, but I don't see any new rules created as above. Examples:

 

http://www.talosintelligence.com/documents/ip-blacklist

https://api.blocklist.de/getlast.php?time=600

Any idea on how to troubleshoot this?

 

0 Kudos
2 Replies
PhoneBoy
Admin
Admin
‎2020-10-18 06:31 PM

Are you using ioc_feeds or something else?

0 Kudos
Antonis_Hassiot
Contributor
‎2020-11-05 07:06 AM
In response to PhoneBoy

I am using the method described in sk103154 Section 3. Not using ioc_feeds commands but scripts. 

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events
    Top