Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Sig 4601

Is there a problem with signature 4601 ? I have seen it trigger from several thousand addresses within 2 days of adding it to a sensors.

1 REPLY
New Member

Re: Sig 4601

We have not yet seen false positives on Sig 4601 - CheckPoint Firewall RDP bypass.

The signature looks for specific binary pattern on UDP port 259, which is generally not in high use.

Do you have a Check Point Firewall installed ?

Can you send a log file of the alarm from the sensor to me to have a look at ?

thanks

Rohit

101
Views
0
Helpful
1
Replies
CreatePlease login to create content