|Check Point Reference:||SBP-2006-09|
|Date Published:||14 Sep 2006|
|Last Updated:||8 May 2007|
|Source:||SmartDefense Research Center|
|Protection Provided by:|
|Who is Vulnerable?|
|Vulnerability Description||Storm Centers collect logging information about attacks, provided voluntarily by organizations from all around the world. Storm Centers compare and present reports on real-time threats to network security.
The SmartDefense Storm Center Module enables information flow between the network Storm Centers and the organizations requiring network security information. One of the leading Storm Centers is SANS DShield.org. DShield.org gathers statistics and presents them as a series of reports at http://feeds.dshield.org/block.txt.
|Vulnerability Details||Check Point SmartDefense integrates with the SANS DShield.org Storm Center in two ways: |
1. Retrieving and blocking malicious IPs - The DShield.org Storm Center produces a frequently updated Block List report, which is a list of address ranges that are worth blocking. The SmartDefense Storm Center retrieves this list and adds it to the Security Policy.
2. Reporting to DShield - You can decide to send logs to the Storm Center in order to help other organizations combat the threats that were directed at your own network. You choose which logs to send by selecting the rules for which you want to send logs. The logs that are submitted to the Storm Center contain information such as connection parameters (Source IP Address, Destination IP Address, Source Port, Destination Port, IP protocol) and Rule Base parameters (Time, Action).
Storm Centers have a special interest in receiving logging information about issues such as unwanted port 80 traffic reaching the organization and HTTP Worms caught by the SmartDefense General HTTP Worm Catcher.
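Item 1 above has the gateway pull an externally produced list of address ranges into the Security Policy. As an added example (not Check Point's or DShield's code), the following validates such a feed before its entries become block rules; the tab-separated column layout, the protected-network list and the /16 limit are assumptions, and the sample rows are constructed.

```python
import ipaddress

# Constructed sample in the tab-separated layout assumed for block.txt
# (start, end, prefix length, then informational columns). The addresses
# are documentation, benchmark and private ranges, not real feed data.
SAMPLE_FEED = (
    "# constructed sample, not real DShield data\n"
    "Start\tEnd\tNetmask\tAttacks\tName\tCountry\temail\n"
    "198.51.100.0\t198.51.100.255\t24\t4100\tEXAMPLE-NET\tZZ\tabuse@example.net\n"
    "203.0.113.0\t203.0.113.127\t25\t950\tEXAMPLE-TWO\tZZ\tabuse@example.org\n"
    "10.1.2.0\t10.1.2.255\t24\t12\tINTERNAL\tZZ\tnone\n"
    "198.18.0.0\t198.19.255.255\t15\t7\tTOO-BROAD\tZZ\tnone\n"
    "not-an-ip\t192.0.2.9\t24\t1\tGARBAGE\tZZ\tnone\n"
)

# Hypothetical local policy: never block our own ranges, and refuse
# entries broader than /16 when they come from an external feed.
PROTECTED = [ipaddress.ip_network("10.0.0.0/8")]
MIN_PREFIX = 16


def parse_block_list(text, protected=PROTECTED, min_prefix=MIN_PREFIX):
    """Return (accepted_networks, rejected_rows) for a block-list feed."""
    accepted, rejected = [], []
    for line_no, line in enumerate(text.splitlines(), 1):
        fields = line.strip().split("\t")
        if not line.strip() or line.startswith("#") or fields[0] == "Start":
            continue  # blank line, comment, or column header
        try:
            start = ipaddress.IPv4Address(fields[0])
            end = ipaddress.IPv4Address(fields[1])
            net = ipaddress.ip_network(f"{fields[0]}/{int(fields[2])}")
        except (ValueError, IndexError) as exc:
            rejected.append((line_no, f"malformed: {exc}"))
            continue
        if (net.network_address, net.broadcast_address) != (start, end):
            rejected.append((line_no, "start/end do not match prefix"))
        elif net.prefixlen < min_prefix:
            rejected.append((line_no, "range broader than allowed"))
        elif any(net.overlaps(p) for p in protected):
            rejected.append((line_no, "overlaps protected network"))
        else:
            accepted.append(net)
    return accepted, rejected


if __name__ == "__main__":
    nets, skipped = parse_block_list(SAMPLE_FEED)
    print("block:", [str(n) for n in nets])
    print("skipped:", skipped)
```

Rejected rows are returned with their line number and reason so they can be logged for review instead of being silently dropped.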