Firewall Wizards mailing list archives
Re: SonicWalls take down networks?
From: Robert Graham <robert_david_graham () yahoo com>
Date: Mon, 20 Sep 1999 22:41:23 -0700 (PDT)
Ah. So one problem is the fact that the network is very "flat". My thinking is from the abstract view that you are 20 hops away from the firewall, so how could it affect the way the network worked? In reality, networks are "flattening" out more and more with switched hubs, and of course SonicWall is also built for smaller offices, which also tend to be flat.

The next problem is the feature 'enable router proxy arp'. Proxy ARPs have been known to cause major havoc with systems in the past. They are a nifty "kludge" to get around certain networking problems, but they quickly get out of hand sometimes. As you see, they quickly create HUGE ARP tables, or in your case, have a HUGE effect on the network by ARPing everyone's address. Of course, proxy ARPs are not specific to SonicWall, though of course as I mentioned in my original message it may not be a good thing that the product defaults led to a pathological configuration.

Rob.

--- Bill Stout <bill.stout () aristasoft com> wrote:
Found the problem. There's an undocumented administration page \\sonicwall\diag.htm which has checkboxes for 'enable arp bridging' and 'enable router proxy arp'. Apparently, when combined with NAT mode, these will cause the sonicwall to 'own' all internal IP addresses when an external system attempts to access those addresses - in this instance a nasty D.O.S. against all internal servers and desktops on the subnet. Turning these checkboxes off solved the problem.

This particular configuration has two sonicwalls, one connected to a Citrix server (for trunked extranet VPNs), and the other connected to the office network (for administrative VPN to remote co-located systems). Both connect WAN ports to a hub which connects to a Cisco router.

This particular configuration worked fine for months, that is, until a Citrix server connected to both internal and 'firewalled' networks could not see the internal servers (rebooting at the time after UPS failure) through its internal LAN. It then attempted to connect through the external LAN (since the Cisco 'knew' the route to the private 10.x.x.x network), which apparently triggered NAT on the sonicwall to glom onto addresses on the internal subnet as its own.

SonicWall tech support tells me this may be complicated by two factors: one, that the sonicwall has 10 user licenses and may prevent access attempt 11 and above by grabbing those later IP addresses; two, that there is a possible problem when sonicwalls are initially configured on a 10.x.x.x subnet and reconfigured for another, since they've seen this happen once before.

Bill Stout

P.S. - Have not been receiving list messages since 9/14, reply directly please.
----- Original Message -----
From: Robert Graham <robert_david_graham () yahoo com>
To: Bill Stout <Bill.Stout () AristaSoft com>; <firewall-wizards () nfr net>
Sent: Monday, September 20, 1999 1:43 AM
Subject: Re: SonicWalls take down networks?

--- Bill Stout <Bill.Stout () AristaSoft com> wrote:

Has anyone run into the problem where SonicWalls take down the entire network with IP address conflicts?

How can any device take down an "entire IP network"? All the ways I can think of that happening are due to user error in configuring the device, which can apply to any device (true, some devices encourage more user errors than others). For example, you could:

* assign a duplicate address, which causes problems on another router or server
* assign a duplicate subnet, which causes routing tables to be hosed for awhile

From the evidence given, it doesn't yet look like a problem unique to SonicWall.

===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
===
Robert Graham
"Anxiously awaiting the millennium so I can start programming dates with 2-digits again."

__________________________________________________
Do You Yahoo!?
Bid and sell for free at http://auctions.yahoo.com
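One way to spot the symptom the thread describes from a packet capture: a single MAC answering ARP for many addresses on the subnet (a proxy ARP "owning" everyone's address), and addresses that are now answered by more than one MAC (the resulting IP conflicts). This is an added example in Python, not code from the thread or from SonicWall; the MACs, addresses and frames are constructed sample data, and the threshold of three addresses per MAC is an assumed tuning value.

```python
import struct
from collections import defaultdict

ETH_HDR = struct.Struct("!6s6sH")          # dst MAC, src MAC, EtherType
ARP_HDR = struct.Struct("!HHBBH6s4s6s4s")  # htype, ptype, hlen, plen, op, sha, spa, tha, tpa
ETHERTYPE_ARP, ARP_REPLY = 0x0806, 2

def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))

def ip_bytes(ip):
    return bytes(int(o) for o in ip.split("."))

def make_arp_reply(sender_mac, sender_ip, target_mac, target_ip):
    """Build a constructed Ethernet/ARP reply frame (sample data, not a real capture)."""
    eth = ETH_HDR.pack(mac_bytes(target_mac), mac_bytes(sender_mac), ETHERTYPE_ARP)
    arp = ARP_HDR.pack(1, 0x0800, 6, 4, ARP_REPLY, mac_bytes(sender_mac), ip_bytes(sender_ip),
                       mac_bytes(target_mac), ip_bytes(target_ip))
    return eth + arp

def parse_arp_reply(frame):
    """Return (sender_mac, sender_ip) for a well-formed Ethernet/IPv4 ARP reply, else None."""
    if len(frame) < ETH_HDR.size + ARP_HDR.size:
        return None  # truncated frame
    _dst, _src, ethertype = ETH_HDR.unpack_from(frame)
    if ethertype != ETHERTYPE_ARP:
        return None
    htype, ptype, hlen, plen, op, sha, spa, _tha, _tpa = ARP_HDR.unpack_from(frame, ETH_HDR.size)
    if (htype, ptype, hlen, plen, op) != (1, 0x0800, 6, 4, ARP_REPLY):
        return None  # not Ethernet/IPv4, or a request rather than a reply
    return sha.hex(":"), ".".join(str(b) for b in spa)

def find_arp_anomalies(frames, max_ips_per_mac=3):
    """Flag one MAC answering for many IPs (the proxy-ARP symptom) and IPs answered by several MACs."""
    ips_by_mac, macs_by_ip = defaultdict(set), defaultdict(set)
    for frame in frames:
        parsed = parse_arp_reply(frame)
        if parsed:
            mac, ip = parsed
            ips_by_mac[mac].add(ip)
            macs_by_ip[ip].add(mac)
    proxy_suspects = {m: sorted(ips) for m, ips in ips_by_mac.items() if len(ips) > max_ips_per_mac}
    conflicts = {ip: sorted(macs) for ip, macs in macs_by_ip.items() if len(macs) > 1}
    return proxy_suspects, conflicts

# Constructed sample: the firewall (FW_MAC) answers ARP for five internal hosts, and the real owner
# of 10.0.0.10 (HOST_MAC) answers too, so that address is in conflict; a truncated frame is ignored.
FW_MAC, HOST_MAC, ASKER = "00:00:00:00:aa:01", "00:00:00:00:bb:10", "00:00:00:00:cc:99"
SAMPLE_FRAMES = [make_arp_reply(FW_MAC, f"10.0.0.{n}", ASKER, "10.0.0.99") for n in range(10, 15)]
SAMPLE_FRAMES += [make_arp_reply(HOST_MAC, "10.0.0.10", ASKER, "10.0.0.99"), b"\x00" * 10]
```

Running `find_arp_anomalies(SAMPLE_FRAMES)` reports the firewall MAC as a proxy-ARP suspect for all five addresses and 10.0.0.10 as claimed by two MACs; on a real capture, feed it the raw frames and tune the threshold to the number of addresses a legitimate router is expected to answer for.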
Current thread:
- Re: SonicWalls take down networks? George Mari (Sep 20)
- <Possible follow-ups>
- Re: SonicWalls take down networks? Robert Graham (Sep 20)
- Re: SonicWalls take down networks? Bill Stout (Sep 20)
- Re: SonicWalls take down networks? Robert Graham (Sep 21)