AnsweredAssumed Answered

ICMP covert channel detection

Question asked by Rene Atanassoff Bilson on Feb 6, 2018
Latest reply on Feb 14, 2018 by Joe Sullivan

Hi All


I have been asked by a customer to ensure that all protections for covert channel attacks are enabled on their R77.30 gateways which are managed through an R80.10 Management server.  The customer has threat prevention blades, IPS, AV & Anti-bot enabled.  I could find the IPS signature for DNS tunneling but I don't see anything for ICMP. Could someone please explain how Checkpoint deals with ICMP covert channel attacks?


Thank you