>>> On 2/25/2009 at 3:40 PM, Dan Lynch <[email protected]> wrote: > In that same location (Application Intelligence > Content Protection > > Malformed PNG), there is a checkbox item below the Action setting > labeled "Block PNG Buffer Overflow". You may have to scroll the window > to see it.
Yes, I saw that down there, but it's all greyed out since the whole item is "inactive." The box not checked anyway. >> -----Original Message----- >> From: Mailing list for discussion of Firewall-1 >> [mailto:[email protected]] On Behalf >> Of Crist Clark >> Sent: Wednesday, February 25, 2009 12:40 PM >> To: [email protected] >> Subject: [FW-1] Disable PNG Buffer Overflow >> >> I'm trying to figure out what in the firewall is generating >> these false alarms, >> >> Number: 212994 >> Date: 24Feb2009 >> Time: 3:49:21 >> Product: SmartDefense >> Attack: PNG Content Protection Violation >> Attack Information: PNG Buffer overflow Blocked >> Interface: eth0 >> Origin: gibraltar0 >> SmartDefense Profile: New_Gateways >> Type: Log >> Action: Drop >> Service: http (80) >> Source: 83.31.54.217 >> Destination: glpconnect-hip (206.220.220.76) >> Protocol: tcp >> Source Port: 3205 >> Policy Info: Policy Name: >> internet-firewalls-combined >> Created at: Mon Feb 23 >> 16:03:36 2009 >> Installed from: fwmgr-admin >> >> In SmartDefense I have Application Intelligence>Content >> Protection>Malformed PNG set to "inactive." But in the >> information for that item it says, >> >> Attack Detection: >> >> SmartView Tracker will log the following entries: >> >> Attack Name: PNG Content Protection Violation >> >> Attack Information: Malformed PNG >> >> So although the "Attack Name" matches, the "Attack Information" >> does not, so I guess I should not be surprised that marking >> this inactive doesn't stop these false alarms. >> >> So... What is generating these? I cannot seem to find it in >> the SmartDefense tab in SmartDashboard (they really need a >> search function for that). I've gone into GuiDBedit, since >> there is a search function there, and found the "PNG Buffer >> overflow Blocked" in the "Table>Other>inspect_logs> >> dynlog_PNG_BUF_OVERFLOW" object, but that's not helping me >> figure out how to disable the check from SmartDashboard. How >> do I stop these checks? Scanned by Check Point Total Security Gateway. ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
