CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.



Thread: IPS signatures - need to set ALL TOR to prevent!

  1. #1
    Join Date: 2015-09-22 | Posts: 3 | Rep Power: 0

    IPS signatures - need to set ALL TOR to prevent!

    Is there a way to search all of the known signatures for only those that detect certain things, such as TOR activity? If not automated, is there a manual way to find them?

    thanks,

    dave

  2. #2
    Join Date: 2006-03-08 | Location: Lausanne | Posts: 1,016 | Rep Power: 13

    Re: IPS signatures - need to set ALL TOR to prevent!

    Originally posted by nrg2brn:
        Is there a way to search all of the known signatures for only those that detect certain things, such as TOR activity? If not automated, is there a manual way to find them?

        thanks,

        dave

    Yes, there is, but not by signature.

    There are lists of TOR exit nodes available publicly (Google it). Then you can decide. You could feed this list to a SAM rule script generator for a temporary blockade. Or you can feed this list to some sort of dynamic object that you then use on your FWs in regular rules. Either way requires quite an effort to test and prove the method is safe and effective.

    AFAIK, no "automatic" easier options are out there.
    -------------

    Valeri Loukine
    CCMA, CCSM, CCSI
    http://checkpoint-master-architect.blogspot.com/
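
A sketch of the "SAM rule script generator" idea from reply #2, as an added example that is not from the thread or from Check Point: it validates a downloaded exit-node list before turning it into temporary rules. The `fw sam` flags in the template, the never-block ranges and the sample feed are assumptions to check against your gateway's documentation and address plan.

```python
import ipaddress

# Constructed sample feed (documentation-range addresses, not real Tor nodes),
# with the kinds of bad lines a downloaded list can contain.
SAMPLE_FEED = """\
# exit list, one address per line
192.0.2.10
192.0.2.10
203.0.113.5
198.51.100.7
10.1.2.3
203.0.113.0/24
not-an-ip
203.0.113.99 ; extra text
"""

# Never block these; the last entry is a hypothetical stand-in for the site's own range.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "172.16.0.0/12",
    "192.168.0.0/16", "198.51.100.0/28")]

# Assumed shape: -t seconds, -J drop and close, "any" = source or destination.
SAM_TEMPLATE = "fw sam -t {timeout} -J any {ip}"


def parse_feed(text, never_block=NEVER_BLOCK, max_entries=5000):
    """Return (accepted, rejected): sorted unique IPv4 strings, (line, reason) pairs."""
    accepted, rejected = set(), []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ip = ipaddress.IPv4Address(line)  # whole line must be one address
        except ValueError:
            rejected.append((line, "not a single IPv4 address"))
            continue
        if any(ip in net for net in never_block):
            rejected.append((line, "in never-block list"))
        else:
            accepted.add(ip)
    if len(accepted) > max_entries:
        raise ValueError("feed larger than expected, refusing to generate rules")
    return [str(ip) for ip in sorted(accepted)], rejected


def sam_commands(ips, timeout=3600):
    """One temporary SAM rule per address; rules expire after `timeout` seconds."""
    return [SAM_TEMPLATE.format(timeout=timeout, ip=ip) for ip in ips]
```

The rejected list is worth logging on every run, since a sudden jump in rejected lines usually means the feed format changed.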

  3. #3
    Join Date: 2007-10-31 | Location: Great Plains - USA | Posts: 146 | Rep Power: 11

    Re: IPS signatures - need to set ALL TOR to prevent!

    Originally posted by nrg2brn:
        Is there a way to search all of the known signatures for only those that detect certain things, such as TOR activity? If not automated, is there a manual way to find them?

        thanks,

        dave

    If you are licensed for "Application & URL Filtering", the Anonymizer category may be helpful for you. Tor is a defined application within that category.

    Kind regards,
    dbrown

  4. #4
    Join Date: 2011-08-02 | Location: http://spikefishsolutions.com | Posts: 1,482 | Rep Power: 8

    Re: IPS signatures - need to set ALL TOR to prevent!

    Could give this a try.

    https://www.cpug.org/forums/showthre...ic-block-lists

    This is not an official Check Point solution but might be worth giving a try.
