Firewall Wizards mailing list archives
Re: Effect of full disk on logging under FW-1 v 2.1?
From: Manuel.Gil () gecits-eu com
Date: Tue, 10 Feb 1998 10:03:03 +0100
There is a test on the DataCom web site where you can find information about the status of the Firewall-1 after you fill the disk with the log.

http://www.data.com/lab_tests/firewalls97.html

They say exactly:

The fourth attack involves filling the disk of the firewall. If such an assault is mounted, a firewall should shut down. Only those products from Altavista, Cyberguard, Netguard (Migdal Ha-Emek, Israel), Sun, and Trusted Information Systems Inc. (TIS, Rockville, Md.) did so (the last two because they run on Solaris, which shuts down in response to a full disk; versions of TIS for other operating systems will continue to operate). The next best thing would be to continue operating but deny all external access attempts--which is what firewalls from IBM and Milkyway did. All other products continued to operate normally, which raises a major security concern if logging occurs on the firewall machine. Ideally, logs should be kept on an external machine or moved frequently to read-only media.

Bye...

lists () bwa net on 09/02/98 13:04:44

Please respond to lists () bwa net

To: firewall-wizards () nfr net
cc: (bcc: Manuel Gil/Madrid/GECITS-EU)
Subject: Effect of full disk on logging under FW-1 v 2.1?

-------------------------------------------------------------------------

I'm doing an audit for an organisation, and I'm about to test the effect of filling their disk so that the firewall can't log. However, their only firewall person is away at the moment and I don't really want to leave them with a headache - so can anyone tell me what happens if the disk fills?

I'm not an expert in FW-1... Does it halt? (what I would expect) or does it overwrite the current log or does it fail-open?

TIA,

Bret Watson
Technical Incursion Countermeasures
consulting () bwa net
http://www.ticm.com/
ph: (+61)(08) 9454 2487 (UTC+8 hrs)
fax: (+61)(08) 9429 8800
The Insider - a e'zine on Computer security
http://www.ticm.com/about/insider.html

Best regards

Manuel Gil
GE Capital IT Solutions, S.L.
System Engineering
Edif. Torre Serrano
C./ Serrano 47, Madrid 28001, Spain
Phone: +34 1 4368839/00, Fax: +34 1 5769883, Mobile: 909 457616
Internet: Manuel.Gil () GECITS-EU COM
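
The three outcomes described in the quoted test (shut down, keep running but deny external access, carry on normally) can be expressed as a log-volume watchdog decision. This is an added Python example, not part of the original post and not code from any product named in it. The thresholds, the function names and the `/var/log` path are assumptions, and the code only returns the decision; enforcing it is left to the host.

```python
import os
from collections import namedtuple

# Constructed thresholds (assumptions, not from the post): fraction of the
# log volume that must remain free before each response is taken.
DENY_EXTERNAL_BELOW = 0.10   # keep running, but stop passing external traffic
HALT_BELOW = 0.02            # logging can no longer be trusted: shut down

Usage = namedtuple("Usage", "free_blocks total_blocks free_inodes total_inodes")


def read_usage(path):
    """Read the space an unprivileged writer can use on the volume holding path."""
    st = os.statvfs(path)
    # f_bavail / f_favail exclude root-reserved space, so they reflect what a
    # non-root logging daemon can actually consume.
    return Usage(st.f_bavail, st.f_blocks, st.f_favail, st.f_files)


def free_fraction(free, total):
    # Filesystems without a fixed inode table report a total of 0;
    # treat that resource as unconstrained.
    return 1.0 if total == 0 else free / total


def decide(usage):
    """Map log-volume headroom to one of the three behaviours in the test."""
    # A volume stops accepting log files when either blocks or inodes run
    # out, so the scarcer resource drives the decision.
    headroom = min(free_fraction(usage.free_blocks, usage.total_blocks),
                   free_fraction(usage.free_inodes, usage.total_inodes))
    if headroom < HALT_BELOW:
        return "halt"
    if headroom < DENY_EXTERNAL_BELOW:
        return "deny-external"
    return "normal"


if __name__ == "__main__":
    # "/var/log" stands in for the firewall's log directory (assumption).
    path = "/var/log" if os.path.isdir("/var/log") else "/"
    print(path, decide(read_usage(path)))
```

Checking inodes as well as blocks matters because a volume with free bytes but no free inodes still cannot create new log files.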