Check Point Advisories

WebSocket Traffic Over HTTP port

Check Point Reference: CPAI-2012-119
Date Published: 2 Apr 2012
Severity: Medium
Last Updated: Friday 22 November, 2024
Source:
Protection Provided by:

Security Gateway
R75
Who is Vulnerable? Computer networks
Vulnerability Description WebSocket allows bi-directional, full-duplex single socket connection between client and server.
Vulnerability DetailsOrdinary TCP connections to ports other than 80 are frequently blocked by network administrators to prevent unwanted traffic. WebSockets can be used as a way to bypass these restrictions.

Protection Overview

IPS will detect and block attempts to initiate WebSocket traffic over HTTP.
This protection is only applicable for IPS gateway version R75.40 and higher.

In order for the protection to be activated, update your Security Gateway product to the latest IPS update. For information on how to update IPS, go to SBP-2006-05, Protection tab and select the version of your choice.

Security Gateway R75.40 and higher

  1. In the IPS tab, click Protections and find the WebSocket Traffic Over HTTP port protection using the Search tool and Edit the protection's settings.
  2. Install policy on all modules.

SmartView Tracker will log the following entries:
Attack Name: Web Client Enforcement Violation
Attack Information: WebSocket traffic has been detected

×
  Feedback
This website uses cookies for its functionality and for analytics and marketing purposes. By continuing to use this website, you agree to the use of cookies. For more information, please read our Cookies Notice.
OK