CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
2. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
3. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > SmartDefense
Reload this Page Smartdefense and GotoMeeting
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-07-25
netsec netsec is offline
Junior Member
  
Join Date: 2005-10-03
Posts: 1
Rep Power: 0
netsec has an average reputation (10+)
Default Smartdefense and GotoMeeting
Has anyone found a way to overcome Smartdefense's rejection of GotoMeeting traffic over http?

Number: 202025
Date: 18Jul2006
Time: 9:58:39
Product: SmartDefense
Attack Name: Malformed HTTP
Attack Information: WSE0020001 illegal header format detected: Malformed HTTP request
Interface: eth-s1p2c0
Origin: HQGate (x.x.x.x)
Type: Log
Action: Reject
Service: http (80)
Source: ericchange1 (x.x.x.x)
Destination: egw.gotomeeting.com (x.x.x.x)
Protocol: tcp
Source Port: 1228
Reply With Quote
  #2 (permalink)  
Old 2006-07-26
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,648
Rep Power: 5
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Smartdefense and GotoMeeting
For now you need to turn off the relevant protections.

Citrix has been informed but they haven't corrected the code yet. In a future release you will be able to mark web servers as know good and bypass the protection for that server.
Reply With Quote
  #3 (permalink)  
Old 2006-08-03
Coronabeer Coronabeer is offline
Junior Member
  
Join Date: 2006-07-23
Posts: 24
Rep Power: 0
Coronabeer has an average reputation (10+)
Default Re: Smartdefense and GotoMeeting
I get the same message for GoToAssist. I allow GoToMyPC and that worked until you get to the shared screen. Then I get..

Number: 522941
Date: 3Aug2006
Time: 14:39:10
Product: SmartDefense
Attack Name: Malformed HTTP
Attack Information: WSE0020001 illegal header format detected: Illegal start line in request
Interface: eth2c0
Origin: N (X.X.X.X)
Type: Log
Action: Reject
Service: http (80)
Source: X.X.X.X
Destination: X.X.X.X
Protocol: tcp
Source Port: 1453
Information: reason: M

I saw the reply on by chillijim on "relevant protections" where is that?
Reply With Quote
  #4 (permalink)  
Old 2006-08-04
kva.kva kva.kva is offline
Senior Member
  
Join Date: 2006-01-26
Location: Moscow, Russia
Posts: 706
Rep Power: 3
kva.kva has an average reputation (10+)
Default Re: Smartdefense and GotoMeeting
http://www.cpug.org/forums/search.php?searchid=66635
Search in the forum by "WSE0020001"
Reply With Quote
  #5 (permalink)  
Old 2006-11-15
tpearson tpearson is offline
Junior Member
  
Join Date: 2006-06-19
Location: St. Paul, MN
Posts: 4
Rep Power: 0
tpearson has an average reputation (10+)
Default Re: Smartdefense and GotoMeeting
Alternatively, you could allow 'GoToMyPc' port out (8200) goToMeeting uses the same port and tries them first.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 03:12.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0