CPUG: The Check Point User Group

Resources for the Check Point Community, by the Check Point Community.


Tim Hall has done it again! He has just released the 2nd edition of "Max Power".
Rather than get into details here, I urge you to check out this announcement post.
It's a massive upgrade, and well worth checking out. -E

 

Results 1 to 2 of 2

Thread: Doubts on IPS

  1. #1
    Join Date
    2017-04-08
    Posts
    17
    Rep Power
    0

    Default Doubts on IPS

    Hi All,

    I was going through IPS blade on checkpoint R80.10. To test IPS i deployed windows XP SP3 machine at inside side of firewall and a kali linux on outside side of firewall. I created a access rule from kali to xp and allow all traffic.

    In IPS blade, the default policy is installed with profile optimized.

    To test if IPS detect an attack, i used famous ms08-067 exploit.

    For this specific exploit in IPS protection, i changed action to prevent first for optimized profile and installed the policy.

    I ran exploit through metasploit and expolit didn't worked and in logs IPS prevented it.

    Now i change the action to detect for optimized profile in IPS protection and again installed the policy.

    Again run the exploit through metasploit but again it didn't worked and in logs again IPS is preventing it.

    i don't know if i am missing something or we need to make some more modifications somewhere.

    The objective is i want this exploit to run and IPS just detect and log it.

    Kindly help me here.

    Thanks.

  2. #2
    Join Date
    2005-08-14
    Location
    Gig Harbor, WA, USA
    Posts
    2,485
    Rep Power
    16

    Default Re: Doubts on IPS

    Pretty sure that the default action for the MS08-067 protection is Optimized or Strict profiles is Prevent.
    Did you install the Firewall policy or the Threat Prevention policy?
    Note for R80.10+ gateways, you need to install the Threat Prevention policy if you make changes to the IPS Policy (in earlier releases, you push the Firewall/Access Control policy).
    http://phoneboy.org
    Unless otherwise noted, views expressed are my own

Similar Threads

  1. Secure XL -- Some doubts
    By ankda14 in forum R80.10
    Replies: 1
    Last Post: 2018-07-19, 23:17
  2. Application control doubts and queries
    By blason in forum R77.30
    Replies: 7
    Last Post: 2015-10-09, 09:14
  3. Basic doubts with CheckPoint
    By anthonws in forum Installing And Upgrading
    Replies: 2
    Last Post: 2008-07-31, 09:42
  4. Doubts about SMTP resource
    By oziko in forum Content Security/Security Servers/CVP/UFP
    Replies: 3
    Last Post: 2007-05-20, 08:28
  5. Basic doubts in NAT rule base.
    By jagclinton in forum NAT (Network Address Translation)
    Replies: 2
    Last Post: 2007-04-20, 12:18

Tags for this Thread

Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •