cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
455
Views
0
Helpful
1
Replies

Sig 4601

ktimm
Level 1
Level 1

Is there a problem with signature 4601 ? I have seen it trigger from several thousand addresses within 2 days of adding it to a sensors.

1 Reply 1

rdhamank
Level 1
Level 1

We have not yet seen false positives on Sig 4601 - CheckPoint Firewall RDP bypass.

The signature looks for specific binary pattern on UDP port 259, which is generally not in high use.

Do you have a Check Point Firewall installed ?

Can you send a log file of the alarm from the sensor to me to have a look at ?

thanks

Rohit

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: