Bugtraq mailing list archives

RE: SonicWall Firewall DoS, ARP Flood, Network Mapping


From: "Robert C. Auch" <RAuch () totalnetsolutions net>
Date: Wed, 3 Mar 2004 16:16:37 -0600

A few clarifications, according to CSSA Support (Level 2 support):

1) You need to have Ethernet connectivity to the WAN interface to
exploit this.  T1 and many cable implementations will stop this.

2) The "default" or "normal" mode that most SonicWall devices are
installed in is "NAT Mode" - SonicWall reported to me that the ARP
requests are not sent backwards across a device in NAT mode, only
standard mode (NAT not enabled).

3) ARP traffic is very small - to create a DoS on the network, you'd
need to generate thousands of ARPs per second.

SonicWall firmware version 6.6 (no ETA from support) will fix these
issues.

My thought:
If you've got an attacker that close to your network, does he really
need to use your SonicWall for mapping?

Robert Auch
First initial last name at totalnetsolutions.net

0  ASCII Ribbon campaign - against HTML Email
^        - against auto-execute attachments

