Bugtraq mailing list archives
RE: SonicWall Firewall DoS, ARP Flood, Network Mapping
From: "Robert C. Auch" <RAuch () totalnetsolutions net>
Date: Wed, 3 Mar 2004 16:16:37 -0600
A few clarifications, according to CSSA Support (Level 2 support):

1) You need to have Ethernet connectivity to the WAN interface to exploit this. T1, and many cable implementations will stop this.

2) The "default" or "normal" mode that most SonicWall devices are installed in is "NAT Mode" - SonicWall reported to me that the ARP requests are not sent backwards across a device in NAT mode, only standard mode (NAT not enabled).

3) ARP traffic is very small - to create a DoS on the network, you'd need to generate thousands of arps per second.

SonicWall firmware version 6.6 (no ETA from support) will fix these issues.

My thought: If you've got an attacker that close to your network, does he really need to use your SonicWall for mapping?

Robert Auch
First initial last name at totalnetsolutions.net

0  ASCII Ribbon campaign - against HTML Email
^                        - against auto-execute attachments