CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 52 attendees signed up from 14 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
Reload this Page attack info :illegal resource record format
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-01-18
925305 925305 is offline
Junior Member
  
Join Date: 2006-01-18
Posts: 1
Rep Power: 0
925305 has an average reputation (10+)
Default attack info :illegal resource record format
In SmartTracker , some DNS requests are dropped by " attack info :illegal resource record format ". How can I solve it ?
Reply With Quote
  #2 (permalink)  
Old 2006-01-20
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,627
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: attack info :illegal resource record format
Is there any more info? Src/Dest? is it one of your DNS servers?
Reply With Quote
  #3 (permalink)  
Old 2006-01-21
Sergej Sergej is offline
Senior Member
  
Join Date: 2005-11-21
Location: Europe, Lithuania
Posts: 291
Rep Power: 3
Sergej has an average reputation (10+)
Default Re: attack info :illegal resource record format
This is result of smartdefense inspecting DNS packets. You can disable it or just ignore.
The exact error must be "Attack Info: Illegal number of Resource Records"
Reply With Quote
  #4 (permalink)  
Old 2006-06-21
djbones djbones is offline
Junior Member
  
Join Date: 2006-06-21
Posts: 1
Rep Power: 0
djbones has an average reputation (10+)
Default Re: attack info :illegal resource record format
I am having this same issue. The traffic is between two of my own DNS servers (Windows domain controllers). The one making the request is behind a VPN-1 Edge X, and there is a tunnel to our FW-1. The packets are dropped by FW-1.

Number: 51453
Date: 21Jun2006
Time: 8:17:49
Product: SmartDefense
VPN-1 & FireWall-1
Interface: eth2c0
Origin: Xxxxxx (172.16.0.4)
Type: Log
Action: Drop
Service: domain-udp (53)
Source: vpnTest2 (10.1.2.30)
Destination: xxxxxxx.xxxx.corp (172.16.0.3)
Protocol: udp
Rule: 10
Source Port: 1597
Attack Name: Invalid DNS
Information: Attack Info: Illegal Resource Record format
Reply With Quote
  #5 (permalink)  
Old 2006-08-03
jimirezin jimirezin is offline
Junior Member
  
Join Date: 2006-08-03
Posts: 1
Rep Power: 0
jimirezin has an average reputation (10+)
Default Re: attack info :illegal resource record format
I'm having the same problem. It may have started when I installed sp1 for server 2003 but I'm not sure. My isp can't slave anymore and I can't slave from outside the firewall. Smartdefense seems to be broken....Checkpoint just said to apply the latest hotfix and call them back. It worked with this hotfix for over a year!
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 06:22.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0