[FW-1] SmartUpdate Strange Behavior

Fri, 07 Jun 2013 07:23:46 -0700 

Hi, this is my first message on this list.

I notice a strange behavior in the audit logs for the  
SmartUpdate. It is removing the licenses and the modifying the  
object but using a client IP so strange and different.

The client IP is always changing and they are from several  
places in the World. From HP and University of California to  
the Philipines and Kroatia.

Here are some logs.

Number:                         359621
Date:                           6Jun2013
Time:                           22:14:04
Application:                    SmartUpdate
Subject:                        Object Manipulation
Operation:                      Modify Object
Type:                           Log
Object Type:            cp_license
Performed On:           aap4FPKc5xkUyAVt4nErumXFzzBi2dSn7SfA
Changes:                        sku: added 'CPMP-EVR-1-NGX'  
;sku: added 'CPMP-EVR-1-NGX' ;
Administrator:          SmartUpdate
Client:                         localhost
Client IP:                      176-8-191-35- 
pmsk.broadband.kyivstar.net (176.8.191.35)
Object Table:           licenses
Operation Number:       1
Origin:                         smartcenter-frwjf01
Uid:                            {32123F79-41F5-4DA8-96AC- 
3892A3130EE5}


Number:                         359622
Date:                           6Jun2013
Time:                           22:14:04
Application:                    SmartUpdate
Subject:                        Object Manipulation
Operation:                      Modify Object
Type:                           Log
Object Type:            cp_license
Performed On:           aY7y5YeUa587x2Mic3PWC2w4pgb55QLvNYhr
Changes:                        sku: added 'CPSG-C-8-U' ;
Administrator:          SmartUpdate
Client:                         localhost
Client IP:                      112.202.163.14.pldt.net  
(112.202.163.14)
Object Table:           licenses
Operation Number:       1
Origin:                         smartcenter-frwjf01
Uid:                            {ED334410-2B17-4646-B7CE- 
98E57763B529}



Number:                         359623
Date:                           6Jun2013
Time:                           22:14:04
Application:                    SmartUpdate
Subject:                        Object Manipulation
Operation:                      Modify Object
Type:                           Log
Object Type:            cp_license
Performed On:           di89LY564bYrME5ixKHGAVZvEUgGbtSdrRhd
Changes:                        sku: added 'CPSG-C-8-U' ;
Administrator:          SmartUpdate
Client:                         localhost
Client IP:                      112.142.24.43.dynamic- 
range.ttt.co.th (112.142.24.43)
Object Table:           licenses
Operation Number:       1
Origin:                         smartcenter-frwjf01
Uid:                            {FDFDF472-3155-11E2-A437- 
000000005656}



Could someone help me with that? Did my firewall suffered an  
hacker attack?

Thank you.

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================

Reply via email to