We have still the problem to verify if the Checkpoint plug-in is working. We have the correct IDS signatures and from this see that the jpg's we opened were really infected, but we don't get an entry in the Smart Tracker which seems to us like CP AI is not working. We have the Management station on R55, but the node we want it to take effect is on R54. Should that still work or do we have to upgrade the nodes to R55? Philippp
>>> [EMAIL PROTECTED] 30.09.2004 04:17:35 >>> I don't know about exploits but we've only seen one IP address blocked via rule 9080, so at least it isn't false posiive crazy. Ray >From: Philipp M�ller < [EMAIL PROTECTED] > >Reply-To: Mailing list for discussion of Firewall-1 >< [EMAIL PROTECTED] > >To: [EMAIL PROTECTED] >Subject: Re: [FW-1] JPEG/GDI+ DLL Exploit >Date: Thu, 30 Sep 2004 00:06:56 +0200 > >Hi Andras, > >Have you the update version 541040926 and Malformed JPEG selected? >If yes, what is your experience with it on the different JPEGofDeath >exploit >codes? How many do you detect? > >So far we know of 4 different exploit codes. > >cheers >Philipp > > >>> [EMAIL PROTECTED] 29.09.2004 11:07:00 >>> >Hi, > > > Anyone know if you can utilize SmartDefense to catch an HTTP session >with a > > vulnerable JPEG. >Yes, there is a special tab for this in the updated SmartDefense.It is >able to block the problematic JPEGs (in all protocols where the proto >type is HTTP). >The update ID is 541040922 (Sept 22.) > >Best regards, > >Andras > >-- >Andras Kis-Szabo >Security Product Manager >DNS Hungary Ltd. http://www.dns-hungary.hu/CheckPoint >phone://+36(1) 457 9956 http://www.dns-hungary.hu/RSA >fax://+36(1) 457 9953 http://www.dns-hungary.hu/nCipher >gsm://+36(20)519 1854 http://www.dns-hungary.hu/VMware > http://www.dns-hungary.hu > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email > [EMAIL PROTECTED] >================================================= > > >================================================= >To set vacation, Out-Of-Office, or away messages, >send an email to [EMAIL PROTECTED] >in the BODY of the email add: >set fw-1-mailinglist nomail >================================================= >To unsubscribe from this mailing list, >please see the instructions at > http://www.checkpoint.com/services/mailing.html >================================================= >If you have any questions on how to change your >subscription options, email > [EMAIL PROTECTED] >================================================= _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today - it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
