Bugtraq mailing list archives
Re: CheckPoint FW1 BUG (fwd)
From: kisza () SCH BME HU (Kis-Szabo Andras)
Date: Sat, 8 Jul 2000 11:01:29 +0200
Hi,
If you flood port 264 (FW1_topo) from your local network, the Firewall-1 CPU reaches 100% and nobody can connect with GUI (neither on the firewall itself). The test has been done on a local 10 MB Ethernet against a PII 266 256 MB, FW1 4.1 SP1 in a NT 4.0 SP4 with the ippacket software and spoofing the source IP, and that's the packet sent:
I've got 2 questions:
- Is the DoS present on SUN/Solaris platforms? (|| only NT?)
- If you deny the FireWall-1 control connections on the properties screen, and add the minimum rules to the rulebase, specifying the explicit src/dst addresses (and control protocols), does that stop the DoS, or not? (Is CheckPoint using the interface correctly?)
Regards,
kisza
--
Kis-Szabo Andras
Budapest University of Technology and Economics
Schonherz Dormitory
kisza () sch bme hu