In that same location (Application Intelligence > Content Protection > Malformed PNG), there is a checkbox item below the Action setting labeled "Block PNG Buffer Overflow". You may have to scroll the window to see it.
Dan Lynch, CISSP Information Technology Analyst County of Placer Auburn, CA > -----Original Message----- > From: Mailing list for discussion of Firewall-1 > [mailto:[email protected]] On Behalf > Of Crist Clark > Sent: Wednesday, February 25, 2009 12:40 PM > To: [email protected] > Subject: [FW-1] Disable PNG Buffer Overflow > > I'm trying to figure out what in the firewall is generating > these false alarms, > > Number: 212994 > Date: 24Feb2009 > Time: 3:49:21 > Product: SmartDefense > Attack: PNG Content Protection Violation > Attack Information: PNG Buffer overflow Blocked > Interface: eth0 > Origin: gibraltar0 > SmartDefense Profile: New_Gateways > Type: Log > Action: Drop > Service: http (80) > Source: 83.31.54.217 > Destination: glpconnect-hip (206.220.220.76) > Protocol: tcp > Source Port: 3205 > Policy Info: Policy Name: > internet-firewalls-combined > Created at: Mon Feb 23 > 16:03:36 2009 > Installed from: fwmgr-admin > > In SmartDefense I have Application Intelligence>Content > Protection>Malformed PNG set to "inactive." But in the > information for that item it says, > > Attack Detection: > > SmartView Tracker will log the following entries: > > Attack Name: PNG Content Protection Violation > > Attack Information: Malformed PNG > > So although the "Attack Name" matches, the "Attack Information" > does not, so I guess I should not be surprised that marking > this inactive doesn't stop these false alarms. > > So... What is generating these? I cannot seem to find it in > the SmartDefense tab in SmartDashboard (they really need a > search function for that). I've gone into GuiDBedit, since > there is a search function there, and found the "PNG Buffer > overflow Blocked" in the "Table>Other>inspect_logs> > dynlog_PNG_BUF_OVERFLOW" object, but that's not helping me > figure out how to disable the check from SmartDashboard. How > do I stop these checks? > > Scanned by Check Point Total Security Gateway. > > ================================================= > To set vacation, Out-Of-Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= > Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
