Buy or Renew
Buy or Renew
Duo Security forums now LIVE! Get answers to all your Duo Security questions. Learn more
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
460
Views
0
Helpful
1
Replies

Sig 4601

ktimm
Level 1
Level 1

‎01-11-2002 12:14 PM - edited ‎03-08-2019 09:33 PM

Is there a problem with signature 4601 ? I have seen it trigger from several thousand addresses within 2 days of adding it to a sensors.

Labels:
0 Helpful
1 Reply 1

rdhamank
Level 1
Level 1

‎01-11-2002 12:59 PM

We have not yet seen false positives on Sig 4601 - CheckPoint Firewall RDP bypass.

The signature looks for specific binary pattern on UDP port 259, which is generally not in high use.

Do you have a Check Point Firewall installed ?

Can you send a log file of the alarm from the sensor to me to have a look at ?

thanks

Rohit

0 Helpful
Customers Also Viewed These Support Documents