Check Point Response to Stonesoft IPS Evasion Techniques published on June 14, 2011

Solution ID: sk63621
Severity: Medium
Product: IPS
Version: R75, R71, R70
Platform / Model: All
Date Created: 14-Jun-2011
Last Modified: 09-Jun-2014
  • Stonesoft Corporation reported a number of techniques for evading IPS/IDS detection. This publication should not be confused with the Stonesoft "Advanced Evasion Techniques" advisory (CVE-2010-0102) discussed in sk59468.
  • Check Point has verified that all versions of the Check Point IPS blade properly block and report on these evasion techniques. Read the "Solution" section for details.

The Stonesoft evasion techniques use a combination of TCP segmentation and MS-RPC fragmentation, as well as manipulation of TCP window size and congestion control. For details, refer to the CERT-FI advisory.


No IPS update or patches are required.

Customers that use the recommended IPS profile in prevention mode are protected.
Customers that do not use the recommended profile should verify that the "MS-RPC over CIFS Fragmentation" protection in IPS is enabled.
