
Test simulating C&C communication

Hi everyone.

Testing an XG device with http://www.cpcheckme.com/checkme/, I have had trouble validating the second test, called "Command & Control Communication".

I have the latest firmware version and active IPS malware signatures for malware-backdoor, malware-cnc, malware-other, browser-x options and exploit-kit. Besides, ATP is activated, as well as the web filter (command and control category), but it is not detected.

This validation is documented under C&C Communication: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solutionid=sk115236

CheckMe simulates this test by posting:

    • creditcard=1234&expyear=2017&ccv=123&pin=1234
    • to:

What is the best option to detect this test ?

Thank you,

Juan Carlos



  • Hi,

    That is an interesting test. I would also like an answer, because my XG failed a number of those tests which have supposedly been enabled for detection on my XG.

    Ian

  • Mh, I am not quite sure, but this domain / service is provided by Check Point.

     
    cpcheckme.com - Whois:
    Check Point Software Technologies Ltd.
    5 Hasolelim St.
    Tel Aviv
     
    Maybe this is built to actively avoid other vendors.
    Btw: I would guess those credit card numbers are not checked, because they are invalid.
    No credit card looks like this: creditcard=1234&expyear=2017&ccv=123&pin=1234
    This is the Snort rule for CCLs. Snort actually checks for valid data.
     
    Just my guess about the Creditcard part. 
     
    The question is, how will the other parts be tested? If it is the same process as in the first one, from my perspective those are not valid tests.
  • Unless you are provided with how it is testing, the results are a bit dubious; mine failed malware, C&C and browser exploit.

    Which browser exploit?

    Thank you for investigating and providing extra information.

    Ian
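The Luhn point raised in the thread (a rule that checks for a valid card number would not fire on `creditcard=1234`), as an added example that is not from the original thread, from Check Point or from Sophos. It parses a few constructed form-encoded POST bodies, matches the CheckMe field set quoted above, and applies the Luhn checksum to the card value. The four field names come from the thread; everything else (the sample bodies, the verdict labels, the 12-19 digit PAN length range, and the idea of keying a "signature" on the field set) is an assumption made for illustration, not how either vendor's IPS works.

```python
from urllib.parse import parse_qs

# Constructed sample POST bodies, as a proxy or IPS might log them.
# The first is the payload quoted in the thread; the other two are made up.
SAMPLE_POSTS = [
    ("req-1", "creditcard=1234&expyear=2017&ccv=123&pin=1234"),
    ("req-2", "creditcard=4111111111111111&expyear=2027&ccv=321&pin=0000"),
    ("req-3", "user=alice&action=login"),
]

# Field names used by the CheckMe payload (a hypothetical "signature").
CHECKME_FIELDS = {"creditcard", "expyear", "ccv", "pin"}


def luhn_valid(number: str) -> bool:
    """Return True if the digit string passes the Luhn checksum."""
    if not number.isdigit():
        return False
    total = 0
    for i, ch in enumerate(reversed(number)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def looks_like_pan(number: str) -> bool:
    """Assumed PAN shape: 12-19 digits and Luhn-valid."""
    return number.isdigit() and 12 <= len(number) <= 19 and luhn_valid(number)


def classify_body(body: str) -> str:
    """Classify one form-encoded POST body.

    'card-data'  : CheckMe field set present and the card number is plausible
    'shape-only' : CheckMe field set present but the number fails Luhn/length
    'none'       : field set not present
    """
    fields = parse_qs(body, keep_blank_values=True)
    if not CHECKME_FIELDS.issubset(fields):
        return "none"
    card = fields["creditcard"][0]
    return "card-data" if looks_like_pan(card) else "shape-only"


def scan(posts):
    """Run classify_body over (id, body) pairs; return {id: verdict}."""
    return {req_id: classify_body(body) for req_id, body in posts}


if __name__ == "__main__":
    for req_id, verdict in scan(SAMPLE_POSTS).items():
        print(f"{req_id}: {verdict}")
```

Run as a script it prints one verdict per sample. The CheckMe body comes out as `shape-only`: `1234` fails both the Luhn checksum and the length check, so a rule that insists on a plausible card number stays silent on it, while a rule keyed on the field names alone would fire. Which of the two a given IPS signature does is exactly what the thread is asking, and this script cannot answer that for either vendor.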
