
RE: [FW1] Antispoofing and bootp



Only ONE interface should have "others".  What this means is "I will 
accept anything that is not defined as valid on the OTHER interfaces".
Typically, you configure your external interface for "others".

Create a valid group for DMZ01 and DMZ02 and use the "specific" setting in 
the same fashion as you did for your internal interface.

As for the bootp traffic, it is a common practice to create a rule right 
before the cleanup rule that blocks this type of traffic with NO tracking. 
That way, they're still dropped but don't clutter the log.  Since CPMAD 
pulls its information from the log, this will also stop this traffic from 
triggering your CPMAD alerts.

Michael J Lawrence CISSP CCSI

-----Original Message-----
From:	[email protected] [SMTP:[email protected]]
Sent:	Tuesday, May 15, 2001 5:10 PM
To:	[email protected]
Subject:	[FW1] Antispoofing and bootp




I am having some antispoofing configuration problems.
CPMAD keeps on getting activated by bootp requests.
When I look in the Check Point Logviewer I see this:

Service:  bootp
Source:        (blank)
Destination:   255.255.255.255
Proto:         udp
Rule:          0
S_Port:        68

I am running Check Point v4.1 sp3.
I have configured and enabled CPMAD.
I have 4 network cards installed and have configured this under the 
Interface properties->Security under Valid Address:

Internet adapter         El90x1    - Others
DMZ01               El90x2    - Others
DMZ02               El90x3    - Others
Internal LAN        El90x4    - Specific->AntiSpoof-Group


The Antispoof  group consists of my two internal networks.
I'm also running DHCP in my internal network.

My question is do I have to create a Network object of 255.255.255.255 and 
place it in the AntiSpoof group?
Will this stop the CPMAD from activating?


Thanks

AC





================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
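
The reply's reading of "others" can be checked against the interface table in the question. The following is an added example, not part of the original thread and not Check Point code: a simplified Python model of the valid-address check as the reply describes it, with constructed subnets (the post gives none), listing which attached networks' source addresses each layout would accept on the wrong interface.

```python
import ipaddress

# Constructed sample addressing (assumption): the thread names no real subnets.
NETS = {
    "El90x2": ["192.0.2.0/24"],                # DMZ01
    "El90x3": ["198.51.100.0/24"],             # DMZ02
    "El90x4": ["10.1.0.0/24", "10.2.0.0/24"],  # AntiSpoof-Group (two internal nets)
}
IFACES = ("El90x1", "El90x2", "El90x3", "El90x4")  # El90x1 = Internet adapter

def make_config(specific_ifaces):
    """Interfaces named here get 'Specific' (their group); the rest get 'Others'."""
    return {i: (NETS[i] if i in specific_ifaces else "others") for i in IFACES}

def source_is_valid(config, iface, src):
    """Simplified model: is source address src acceptable arriving on iface?"""
    ip = ipaddress.ip_address(src)

    def in_group(name):
        return any(ip in ipaddress.ip_network(n) for n in config[name])

    if config[iface] != "others":
        return in_group(iface)
    # "Others": anything not defined as valid on the OTHER interfaces.
    return not any(in_group(o) for o in config
                   if o != iface and config[o] != "others")

def spoofing_gaps(config):
    """Return (arrival interface, owning interface) pairs where an address from
    one attached network is accepted as a source on a different interface."""
    gaps = []
    for owner, nets in NETS.items():
        probe = str(next(ipaddress.ip_network(nets[0]).hosts()))
        for iface in config:
            if iface != owner and source_is_valid(config, iface, probe):
                gaps.append((iface, owner))
    return gaps

AS_POSTED = make_config({"El90x4"})                       # three "Others"
AS_ADVISED = make_config({"El90x2", "El90x3", "El90x4"})  # only external "Others"

if __name__ == "__main__":
    print("as posted :", spoofing_gaps(AS_POSTED))
    print("as advised:", spoofing_gaps(AS_ADVISED))
```

In this model the posted layout accepts DMZ source addresses on the Internet adapter and on the other DMZ card, while the layout the reply recommends leaves no such pair and still accepts ordinary Internet sources on El90x1.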






   All contents © 2004 Network Presence, LLC. All rights reserved.