Bugtraq mailing list archives
Re: CheckPoint FW1 BUG (fwd)
From: bgreenbaum () SECURITYFOCUS COM (Ben Greenbaum)
Date: Fri, 7 Jul 2000 09:15:33 -0700
Forwarded to Bugtraq with permission of the author. Checkpoint has been notified by Mr. Vasquez. Can anyone else replicate this? Ben Greenbaum Director of Site Content Security Focus http://www.securityfocus.com ---------- Forwarded message ---------- Date: Fri, 7 Jul 2000 12:20:17 +0200 From: hugov <Hugo.Vazquez () add es> Subject: RE: CheckPoint FW1 BUG Dear Sirs, I think I have found a bug in CheckPoint Firewall-1. That´s what I have noticed : If you flood port 264 ( FW1_topo ) from your local network, the Firewall-1 CPU reaches 100% and nobody can connect with GUI ( neither on the firewall itself ). The test has been done on a local 10 MB Ethernet against a PII 266 256 MB, FW1 4.1 SP1 in a NT 4.0 SP4 with the ippacket software and spoofing the source IP, and that´s the packet sent : destination IP : Firewall (external interface) source IP : non existent IP ( on local net ) source port : 1000 destination port : 264 data: qwertyuiop1010101010 number of packets : -1 ( continuos mode ) Due to the importance of this port ( 264 ) in Securemote, etc... I think It would be interesting to investigate how much this attack could danger the system ( memory ) and comunications (smtp, VPN , Securemote...). I have not tested from the Internet. Sincerely, -- Hugo Vázquez Caramés Departamento Técnico de Sistemas Seguridad Corporativa - Grupo ADD mailto:Hugo.Vazquez () add es Tel. +34.93.580.25.00 Fax. +34.93.580.28.93
Current thread:
- Re: CheckPoint FW1 BUG (fwd) Ben Greenbaum (Jul 07)
- Re: CheckPoint FW1 BUG (fwd) Kis-Szabo Andras (Jul 08)