What version are you using? We're seeing the same continual license delete and
add nonsense on R76 Gaia and it was not there on R75.20. I'll have to look and
see what the client IP is on Monday. We noticed it because if the syslog alerts.
Ray
> Date: Fri, 7 Jun 2013 07:02:00 -0700
> From: felipe.alme...@mrs.com.br
> Subject: [FW-1] SmartUpdate Strange Behavior
> To: FW-1-MAILINGLIST@AMADEUS.US.CHECKPOINT.COM
>
> Hi, this is my first message on this list.
>
> I notice a strange behavior in the audit logs for the
> SmartUpdate. It is removing the licenses and the modifying the
> object but using a client IP so strange and different.
>
> The client IP is always changing and they are from several
> places in the World. From HP and University of California to
> the Philipines and Kroatia.
>
> Here are some logs.
>
> Number: 359621
> Date: 6Jun2013
> Time: 22:14:04
> Application: SmartUpdate
> Subject: Object Manipulation
> Operation: Modify Object
> Type: Log
> Object Type: cp_license
> Performed On: aap4FPKc5xkUyAVt4nErumXFzzBi2dSn7SfA
> Changes: sku: added 'CPMP-EVR-1-NGX'
> ;sku: added 'CPMP-EVR-1-NGX' ;
> Administrator: SmartUpdate
> Client: localhost
> Client IP: 176-8-191-35-
> pmsk.broadband.kyivstar.net (176.8.191.35)
> Object Table: licenses
> Operation Number: 1
> Origin: smartcenter-frwjf01
> Uid: {32123F79-41F5-4DA8-96AC-
> 3892A3130EE5}
>
>
> Number: 359622
> Date: 6Jun2013
> Time: 22:14:04
> Application: SmartUpdate
> Subject: Object Manipulation
> Operation: Modify Object
> Type: Log
> Object Type: cp_license
> Performed On: aY7y5YeUa587x2Mic3PWC2w4pgb55QLvNYhr
> Changes: sku: added 'CPSG-C-8-U' ;
> Administrator: SmartUpdate
> Client: localhost
> Client IP: 112.202.163.14.pldt.net
> (112.202.163.14)
> Object Table: licenses
> Operation Number: 1
> Origin: smartcenter-frwjf01
> Uid: {ED334410-2B17-4646-B7CE-
> 98E57763B529}
>
>
>
> Number: 359623
> Date: 6Jun2013
> Time: 22:14:04
> Application: SmartUpdate
> Subject: Object Manipulation
> Operation: Modify Object
> Type: Log
> Object Type: cp_license
> Performed On: di89LY564bYrME5ixKHGAVZvEUgGbtSdrRhd
> Changes: sku: added 'CPSG-C-8-U' ;
> Administrator: SmartUpdate
> Client: localhost
> Client IP: 112.142.24.43.dynamic-
> range.ttt.co.th (112.142.24.43)
> Object Table: licenses
> Operation Number: 1
> Origin: smartcenter-frwjf01
> Uid: {FDFDF472-3155-11E2-A437-
> 000000005656}
>
>
>
> Could someone help me with that? Did my firewall suffered an
> hacker attack?
>
> Thank you.
>
> =================================================
> To set vacation, Out-Of-Office, or away messages,
> send an email to lists...@amadeus.us.checkpoint.com
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> fw-1-ow...@ts.checkpoint.com
> =================================================
Email secured by Check Point
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to lists...@amadeus.us.checkpoint.com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-ow...@ts.checkpoint.com
=================================================
