Weird IP (0.0.127.x) in IPS Logs - Check Point CheckMates

Simplifying Zero Trust Security
with Infinity Identity!

Register Now!

The New Quantum DDoS Protector
Integration with Playblocks

Watch Now

ISOMorphic Improvements
Help us with the Short-Term Roadmap

Take the Survey

CheckMates Toolbox Contest 2024
Make Your Submission for a Chance to WIN up to $300 Gift Card!

LEARN MORE!

CheckMates Go:
Equipped to Compromise

LISTEN NOW

Hello,

Does anyone now the source address 0.0.127.243?

<row>

<field name="time" value="2024-10-07T12:08:55Z" resolved="Today, 14:08:55"/>

<field name="id" value="c5e61144-9f5d-c7c6-6703-cf5700000180"/>

<field name="sequencenum" value="205"/>

<field name="src" value="0.0.127.243"/>

<field name="dst" value="10.x.y.z"/>

<field name="attack" value="Windows SMB Protection Violation"/>

<field name="attack_info" value="Brute Force Scanning of CIFS Ports"/>

<field name="protection_name" value="Brute Force Scanning of CIFS Ports"/>

<field name="protection_id" value="asm_dynamic_prop_CIFS_BF_PORT_SCAN"/>

<field name="severity" value="Medium" icon="Levels/Color_4_2"/>

<field name="confidence_level" value="Low" icon="Levels/Blue_5_1"/>

<field name="performance_impact" value="Critical" icon="Levels/Color_5_5"/>

<field name="protection_type" value="IPS" icon="Protection/Protections"/>

This kind of log entry is visible in Log sinceR81.20 ~HFA70:

I know IP like 0.0.0.x, but this seems different.

Regards

Peter

2 Replies

That doesn't seem like a valid IP address.
Might need TAC to investigate that.

Looks a bit look a loopback IP that got messed up. Do you know traffic comes from internal or internet?

I see destination internal IP and not external so I assume internal?

-------
If you like this post please give a thumbs up(kudo)! 🙂

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

User

Count

3

3

1

1

1

1

1

1

Upcoming Events

Sort by:

In-Person

Thu 17 Oct 2024 @ 10:00 AM (CEST)

CheckMates Live Geneva - What's New is R82!

Virtual

Thu 17 Oct 2024 @ 02:00 PM (CDT)

Central US: Management API Best Practices

Virtual

Fri 18 Oct 2024 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 29: Infinity Security Operations and AI

Virtual

Tue 22 Oct 2024 @ 05:00 PM (CEST)

Under the Hood: Securing Ingress Traffic with Azure Virtual WAN and CloudGuard Network Security

Virtual

Tue 22 Oct 2024 @ 11:00 AM (PDT)

West US: Web Filtering Best Practices

Virtual

Fri 25 Oct 2024 @ 03:00 PM (CEST)

From Compliance to Competitiveness: Mastering DORA for Cyber Resilience

Virtual

Thu 17 Oct 2024 @ 02:00 PM (CDT)

Central US: Management API Best Practices

Virtual

Fri 18 Oct 2024 @ 10:00 AM (CEST)

CheckMates Live Netherlands - Sessie 29: Infinity Security Operations and AI

Virtual

Tue 22 Oct 2024 @ 05:00 PM (CEST)

Under the Hood: Securing Ingress Traffic with Azure Virtual WAN and CloudGuard Network Security

Virtual

Tue 22 Oct 2024 @ 11:00 AM (PDT)

West US: Web Filtering Best Practices

Virtual

Fri 25 Oct 2024 @ 03:00 PM (CEST)

From Compliance to Competitiveness: Mastering DORA for Cyber Resilience

Virtual

Wed 30 Oct 2024 @ 05:00 PM (CET)

TechTalk: Simplifying Zero Trust Security with Infinity Identity!

In-Person

Thu 17 Oct 2024 @ 10:00 AM (CEST)

CheckMates Live Geneva - What's New is R82!

In-Person

Wed 30 Oct 2024 @ 10:00 AM (PDT)

Irvine, CA: Cloud Security Workshop & Lunch

In-Person

Tue 05 Nov 2024 @ 09:00 AM (CET)

CheckMates Live France - R82 Workshop!

CheckMates Events