Firewall-1 SP7 CPU utilisation 100%

[Alex Balayan <abalayan () SFE COM AU>]

Hi all,

-------------------------------------
System SoftwareSpecs  |
-------------------------------------

*Windows NT server 4.0  SP 6
*Firewall-1 ver 4.0  SP 7

I was conducting a few port scans on the test firewall from a linux box with
nmap.

nmap -O xx.xx.xx.xx

The scan showed up 3 ports that I was not familiar with:

1030/tcp  open iad1
1031/tcp  open iad2
1033/tcp  open iad3

When the port scan finished, the cpu utilisation hit 100%. I check the process
list and it showed fw.exe was sitting at 99%.

I started to port scan specific port to identify the port that was causing the
problem.

i.e. nmap -O -p1030-1030 xx.xx.xx.xx

Port 1033/tcp was identified to cause the problem.


My questions are:

1. What are the listed ports?
2. What is causing the fw.exe to go nuts?




Regards
Alex Balayan
SFE Security Specialist

This e-mail is solely for the use of the addressee(s) and may contain
information which is confidential or privileged.  If you receive this e-mail and
you are not the addressee, please disregard the contents of the e-mail, delete
the e-mail and notify the author immediately.