Firewall Wizards mailing list archives
Re: remote crash possibility of FW-1?
From: "Ryan Russell" <Ryan.Russell () sybase com>
Date: Mon, 29 Nov 1999 13:55:28 -0800
Hi there. We use Checkpoints Firewall-I release 4.0 SP 4 running on a SUN U2/200 Solaris 2.6 with up-to-date patchlevel. For several weeks now the box crashes or reboots without any hint left in the logfiles. SUN service replaced all components (FDDI, RAM, CPUs, ...) except for the mirrored disks. Since most of the crashes happen during the weekend we also suspect some DOS attack. Are there any known DOS attacks than leave the box unusable till someone does a power-off-on cycle?
They're quite capable of crashing all by themselves. I've had FW-1 installs crash regularly due to lack of memory tuning. Read these two to learn about some memory stuff: http://www.phoneboy.com/fw1/faq/0088.html http://www.phoneboy.com/fw1/faq/0296.html Now, assuming it is some sort of malicious attack that isn't widely known... Have you shut off allow control connections, accept ICMP, accept RIP, accept established connections, etc.. ? I'm aware of some nasty potential problems with those. To fix, read: http://www.enteract.com/~lspitz/audit.html If you are experiencing a DoS of some sort, it would almost certainly be due to your having left exposed some service which you shouldn't, that Checkpoint tells you not to if you read the docs carefully, yet they leave open by default anyway. Ryan
Current thread:
- remote crash possibility of FW-1? Thomas Nau (Nov 29)
- Re: remote crash possibility of FW-1? R. DuFresne (Nov 30)
- Re: remote crash possibility of FW-1? Darren Reed (Nov 30)
- Re: remote crash possibility of FW-1? steelers12 (Nov 30)
- <Possible follow-ups>
- Re: remote crash possibility of FW-1? Ryan Russell (Nov 30)