I'm trying to figure out what in the firewall is generating
these false alarms:

Number: 212994
Date: 24Feb2009
Time: 3:49:21
Product: SmartDefense
Attack: PNG Content Protection Violation
Attack Information: PNG Buffer overflow Blocked
Interface: eth0
Origin: gibraltar0
SmartDefense Profile: New_Gateways
Type: Log
Action: Drop
Service: http (80)
Source: 83.31.54.217
Destination: glpconnect-hip (206.220.220.76)
Protocol: tcp
Source Port: 3205
Policy Info: Policy Name: internet-firewalls-combined
Created at: Mon Feb 23 16:03:36 2009
Installed from: fwmgr-admin

In SmartDefense I have Application Intelligence>Content
Protection>Malformed PNG set to "inactive." But in the
information for that item it says:

Attack Detection:
SmartView Tracker will log the following entries:
Attack Name: PNG Content Protection Violation
Attack Information: Malformed PNG

So although the "Attack Name" matches, the "Attack Information"
does not, so I guess I should not be surprised that marking
this inactive doesn't stop these false alarms.

So... What is generating these? I cannot seem to find it in
the SmartDefense tab in SmartDashboard (they really need a
search function for that). I've gone into GuiDBedit, since
there is a search function there, and found the "PNG Buffer
overflow Blocked" in the "Table>Other>inspect_logs>
dynlog_PNG_BUF_OVERFLOW" object, but that's not helping me
figure out how to disable the check from SmartDashboard. How
do I stop these checks?