> > >From: Shane Presley <[EMAIL PROTECTED]> > >Reply-To: Mailing list for discussion of Firewall-1 > ><[email protected]> > >To: [email protected] > >Subject: [FW-1] SmartDefense drops on 99444 > >Date: Wed, 12 Oct 2005 11:30:18 -0400 > > > >I'm getting SmartDefense drops on rule 99444. > > > >This should be legitimate traffic between a windows server and our > >domain controller. Do you know which SmartDefense trigger is causing > >this? > > > >Thanks > >Shane > >
In R55-AI, check the MS-RPC over CIFS Inspection Properies panel under SmartDefense. From the text: "Users of VPN-1 R55W and above and InterSpect will identify fragmented Bind requests with Attack Information 'MS-RPC over CIFS - Fragmented Bind detected' on the SmartView Tracker screen. Users of VPN-1 R55 will identify fragmented Bind requests log with rule no. 99444." As to what is causing it, I don't know. Ken McKinlay, GCIA, CISSP Network Security, Curtiss-Wright Controls, Embedded Computing [EMAIL PROTECTED] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
