We have Checkpoint Firewalls, after a while trying to make the block IP workand several issues opened with Solarwinds we found that the response works wonders. Many times hackers try to issue all kinds of commands on our public servers to try to bring them down or maybe deface the web pages, I was blocking the IPs but found that I could not verify where the command was going, it was not in the firewall Smart Dashboard. Well... I found out that the command works on the SmarView Monitor Suspiciuos Activity Rules, vuala.... all the IPs I tried to block were there. From then on if I see anything suspicious going through and stopping at the cleaning rule and being repetitive, I check the IP, if it is black listed or not yet analyzed I block it. This has helped the traffic flow a lot better and just with the click of the mouse.
↧