supportcenter.checkpoint.com
194.29.39.18  Public Scan

URL: https://supportcenter.checkpoint.com/supportcenter/portal?eventsubmit_dogoviewsolutiondetails=&solutionid=sk74060
Submission: On March 29 via api from MX — Scanned from DE

Form analysis 4 forms found in the DOM

Name: searchform (POST https://supportcenter.checkpoint.com/supportcenter/portal)

<form style="position:relative" name="searchform" method="post" action="https://supportcenter.checkpoint.com/supportcenter/portal" onsubmit="cp_show_loading_div();setSearch('false');" data-swiftype-index="false">
  <input type="hidden" id="js_peid" name="js_peid" value="P-14d3e809b51-10001">
  <input type="hidden" id="SearchType" name="SearchType" value="">
  <input type="hidden" id="action" name="action" value="portlets.SupportCenterSearchAction">
  <input type="hidden" id="productDescription" name="productDescription">
  <!--<input	id="eventSubmit_doSearch" name="eventSubmit_doSearch" type="hidden" />-->
  <div class="scSearchInputWrap scSearchInputCustom">
    <input id="keyWordsInput" name="keyWords" type="text" class="scSearchInputField cp_text ui-autocomplete-input" placeholder="Search Support Center" autocomplete="off">
  </div>
  <div class="scSearchInputButton" onclick="javascript: setSearch('false');cp_show_loading_div();document.searchform.submit()" style="left: 580px;"></div>
</form>

Name: topRatingForm

<form name="topRatingForm" class="solutionDetailsRate" style="padding-right: 7px;border-right: 2px solid rgb(227, 227, 227);">
  <table class="starsTable">
    <tbody>
      <tr>
        <td star_number="1" class="ratingStar"></td>
        <td star_number="2" class="ratingStar"></td>
        <td star_number="3" class="ratingStar"></td>
        <td star_number="4" class="ratingStar"></td>
        <td star_number="5" class="ratingStar"></td>
        <td style="padding-left:5px">
          <a id="rateThisLink" targetid="feedbackForm" class="checkpoint_navigate" style="position:relative;top:-3px;text-decoration:underline">Rate This</a>
          <span style="display:none;" class="rateLabel">Rating submitted</span>
        </td>
      </tr>
      <tr style="display:none;" class="submitErrorMessage">
        <td colspan="6">Your rating was not submitted, please try again later</td>
      </tr>
    </tbody>
  </table>
</form>

Name: bottomRatingForm

<form name="bottomRatingForm">
  <table>
    <tbody>
      <tr>
        <td>
          <span class="rateDocumentQuestion">Please rate this document</span>
          <span style="display:none;" class="rateLabel">Rating submitted</span>
        </td>
        <td>
          <div class="rateArea">
            <table class="starsTable">
              <tbody>
                <tr>
                  <td star_number="1" class="ratingStar"></td>
                  <td star_number="2" class="ratingStar"></td>
                  <td star_number="3" class="ratingStar"></td>
                  <td star_number="4" class="ratingStar"></td>
                  <td star_number="5" class="ratingStar"></td>
                  <td></td>
                  <td valign="top" align="left">
                    <span style="padding-left: 20px;" id="rateLabel2">[1=Worst,5=Best]</span>
                  </td>
                </tr>
              </tbody>
            </table>
          </div>
        </td>
        <td>
          <div style="display:none;" class="submitErrorMessage"> Your rating was not submitted, please try again later </div>
        </td>
      </tr>
    </tbody>
  </table>
  <input type="hidden" name="solutionID" value="sk74060">
  <input type="hidden" name="title" value="Anti-Virus Malware DNS Trap feature">
  <input type="hidden" name="owner" value="Liron Rubin">
  <input type="hidden" name="ownerId" value="1-4JAM5NE">
  <input type="hidden" name="js_peid" value="P-14d3e809b51-10001">
  <input type="hidden" name="sr" value="">
</form>

Name: feedbackForm

<form name="feedbackForm">
  <table id="commentsTable">
    <tbody>
      <tr>
        <td style="font-weight:bold">Comment&nbsp;</td>
        <td>
          <textarea placeholder="Enter your comment here" id="solutionComment" name="solutionComment" class="commentsValid" maxlength="2000" onfocus="expandForm()" wrap="VIRTUAL" rows="1"></textarea>
        </td>
        <!--<textarea placeholder="Enter your comment here" id="solutionComment" name="solutionComment" class="commentsValid" onKeyDown="checkCharCount(this.value)"
												onKeyUp="checkCharCount(this.value)" onBlur="checkCharCount(this.value);handleMessageBlur(this.value);"
												onFocus="handleMessageFocus(event);expandForm()" wrap="VIRTUAL" rows="1" cols="110"></textarea>-->
        <!--<div style="position:relative">
                                    <div id="promptText" class="textPromptText" onClick="document.feedbackForm.solutionComment.focus();">
                                        <span class="textComment">Enter your comment here</span>
                                    </div>
                                </div>-->
        <td></td>
      </tr>
      <tr>
        <td></td>
        <td style="overflow-y:hidden;">
          <div id="captchaForm" style="display:block;height:0px;overflow-y:hidden;">
            <div class="g-recaptcha" data-sitekey="6Le4IwETAAAAAEH9WJjuiZaEDpDmOkHoLaJem7_e">
              <div style="width: 304px; height: 78px;">
                <div><iframe title="reCAPTCHA"
                    src="https://www.google.com/recaptcha/api2/anchor?ar=1&amp;k=6Le4IwETAAAAAEH9WJjuiZaEDpDmOkHoLaJem7_e&amp;co=aHR0cHM6Ly9zdXBwb3J0Y2VudGVyLmNoZWNrcG9pbnQuY29tOjQ0Mw..&amp;hl=de&amp;v=vpEprwpCoBMgy-fvZET0Mz6L&amp;size=normal&amp;cb=icwy5yrm0mgd"
                    width="304" height="78" role="presentation" name="a-wxc9qdr5xeds" frameborder="0" scrolling="no"
                    sandbox="allow-forms allow-popups allow-same-origin allow-scripts allow-top-navigation allow-modals allow-popups-to-escape-sandbox"></iframe></div><textarea id="g-recaptcha-response" name="g-recaptcha-response"
                  class="g-recaptcha-response" style="width: 250px; height: 40px; border: 1px solid rgb(193, 193, 193); margin: 10px 25px; padding: 0px; resize: none; display: none;"></textarea>
              </div><iframe style="display: none;"></iframe>
            </div>
            <br>
            <div>
              <button type="button" class="cp_btn feedbackSubmit" onclick="doFeedback()">Submit</button>
              <button class="cp_btn feedbackSubmit" onclick="cancelFeedback();return false;">Cancel</button>
              <div id="submitMessage" style="display:none">Submitting rating</div>
            </div>
          </div>
        </td>
        <td></td>
      </tr>
    </tbody>
  </table>
  <input type="hidden" name="solutionID" value="sk74060">
  <input type="hidden" name="title" value="Anti-Virus Malware DNS Trap feature">
  <input type="hidden" name="owner" value="Liron Rubin">
  <input type="hidden" name="js_peid" value="P-14d3e809b51-10001">
  <input type="hidden" name="sr" value="">
  <div id="feedbackDone" style="font-weight:bold;padding-left:2px;display:none;"> Thank you for your feedback! </div>
</form>

Text Content


Anti-Virus Malware DNS Trap feature


Solution ID: sk74060
Product: Anti-Virus
Version: R77.30 (EOL), R80.10 (EOL), R80.20 (EOL), R80.30 (EOL), R80.40, R81, R81.10, R81.20
Date Created: 30-May-2012
Last Modified: 03-Jan-2023

Solution

Malware DNS Trap identifies compromised clients that try to access known
malicious domains. When this feature is enabled, the Gateway does not block DNS
requests identified as malicious. Instead, it tampers with the DNS response and
returns a false (bogus) IP address to the client. You can then detect
compromised clients by checking the logs for connection attempts to the false
IP address. Subsequent connections addressed to the bogus IP are blocked.

 * When the Gateway allows the DNS request, it generates a DNS reputation log
   with the description "Connection was allowed because a DNS trap was set".
 * When the Gateway tampers with the DNS response, the description of the DNS
   reputation log is replaced with "DNS response was replaced with a DNS trap
   bogus IP".
 * Connections to the bogus IP are logged with the DNS Trap protection type and
   the description "Connection to DNS trap bogus IP".

You can set the bogus IP address to be the IP address of the Gateway's external
interface or another IP address. When the Gateway's external interface is
defined as the bogus IP, this feature may cause drops of connections addressed
to the Gateway. Therefore, it is recommended to define a bogus IP address and
not use the external interface of the Gateway.

Note: When a client tries to connect to a bogus IP address after receiving a
reply to the original DNS request, the connection is blocked on the first (SYN)
packet. Accordingly, there is nothing to capture.


DNS TRAP CONFIGURATION

In the Anti-Bot and Anti-Virus section of the Security Gateway object:

 1. In SmartConsole, click Gateways & Servers and double-click Security Gateway.
    The Gateway window opens and shows the General Properties page.
 2. From the navigation tree, select Anti-Bot and Anti-Virus.
 3. In the Malicious DNS Trap section, choose one of the options:
    * According to profile settings - use the Malware DNS Trap IP address
      configured for each profile.
    * IP - enter the IP address for all the profiles assigned to this Security
      Gateway.

    The default value for DNS trap IP is 62.0.58.94.

    If you cannot use the default IP address 62.0.58.94 as a DNS trap, you can
    define a specific IP address. At the Security Gateway level, you can either
    use the settings defined for the profiles or specify one IP address that
    applies to all profiles used on that Gateway.

    When you define the Gateway's external interface as the bogus IP, there is
    a list of ports for which traffic addressed to the Gateway will not be
    blocked. You can edit this list in the dns_redirection_exceptions section
    of the $FWDIR/conf/malware_config file.




To set the Malware DNS Trap parameters in the Anti-Bot and Anti-Virus profile:

For R81.x:

 1. In SmartConsole, select Security Policies.
 2. From the Custom Policy Tools section, click Profiles.
 3. Edit the relevant Profile and go to Malware DNS Trap.

For R80.x:

 1. In SmartConsole, select Security Policies.
 2. From the Threat Tools section, click Profiles.
 3. Edit the relevant Profile and go to Malware DNS Trap.


For information about how to configure a Malware DNS Trap, refer to the Threat
Prevention Administration Guide.

Related solution: sk92224 - Resource Categorization for Anti-Bot / Anti-Virus
DNS Settings optimization




© 1994-2023 Check Point Software Technologies Ltd. All rights reserved.