This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
John_Fleming
Advisor
‎2020-09-29 03:27 PM

arp sweep on demand

So I've seen how on a clusterxl interface failure checkpoint will begin spamming arp requests for everything in the local network. Is there a way to get checkpoint to do this on demand without a clusterxl event? I know about arping but I'm looking for something I don't have to setup a loop to do.

0 Kudos
5 Replies
Timothy_Hall
Legend Legend
Legend
‎2020-09-29 03:51 PM

Gaia 3.10 has hping2 built-in, so if you wanted to spam ARP requests for network 192.168.1.0/24 on interface eth1 just do this:

 hping2 --fast --icmp -I eth1 192.168.1.x --rand-dest

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
John_Fleming
Advisor
‎2020-09-29 03:53 PM
In response to Timothy_Hall

Correct me if i'm wrong, but this does require outbound traffic from the firewall to be allowed correct?

Might work. I'll give it a try.

0 Kudos
John_Fleming
Advisor
‎2020-09-29 03:56 PM
In response to John_Fleming

Warning: when this option is enabled hping can't detect the right outgoing interface for the packets, so you should use the --interface option to select the desired outgoing interface.

Not very elegant. Was hoping for a bla/cidr notation worst case.

0 Kudos
Timothy_Hall
Legend Legend
Legend
‎2020-09-30 05:17 AM
In response to John_Fleming

Yes, hping2 generated traffic will go through capture points o/O in F2F so it will need to be allowed by policy.  By default packets originating from the gateway are permitted by an implied rule that is positioned "Before Last", so as long as there are not any rules explicitly dropping traffic originating from the gateway and the implied rule setting is left at default it should be allowed.

Attend my online "Be your Own TAC: Part Deux" CheckMates event
March 27th with sessions for both the EMEA and Americas time zones
0 Kudos
John_Fleming
Advisor
‎2020-09-30 05:26 AM
In response to Timothy_Hall

yeah outbound isn't allowed even from firewall for certain segments.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events