Bugtraq mailing list archives

Re: Checkpoint NG3 ICMP Flood

From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Dec 2006 21:04:00 +0100 (CET)

On Mon, 18 Dec 2006, bdmoraes () bol com br wrote:

I have one checkpoint NG3 in my company and verifying in Tracking i have tousands of events with ICMP type 8 and type 
17.

The events has origin in my internal networks, with one problem .. the Source IP is my PAT address for internal hosts 
to internet.

Is there any bug of Checkpoint? Anyone already seen this event?

I will go verify with sniffers and other tools, but this IP (Only for PAT) is no routeable in my internal networks...

I strongly doubt you found a bug in the software. Your report is missingcrucial information.

 - Exact Check Point version (fw ver)?
        (Did you apply the minimal required HFA on NG FP3?)
 - How did you configure this PAT exactly?

At this point this report is in fact pointless and more of FUD message.

Hugo.

--
        hvdkooij () vanderkooij org     http://hvdkooij.xs4all.nl/
            This message is using 100% recycled electrons.

Current thread:

Checkpoint NG3 ICMP Flood bdmoraes (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Michael Schwartzkopff (Dec 18)
- Re: Checkpoint NG3 ICMP Flood Hugo van der Kooij (Dec 18)