Penetration Testing mailing list archives
Re: Raptor Firewall
From: H D Moore <hdm () digitaloffense net>
Date: Fri, 7 Dec 2001 02:17:58 -0600
I have seen this happen in one case where the customer had incorrectly configured the firewall to have two rules that both matched a packet. When a SYN hit that port, the Raptor box would go into fits and start spewing what looked to be developer debug statements. I don't remember the version they were running or how the conflicting rules were created, just that there were two rules matching the same connection.

Does the firewall spit anything out on the console (popups, error logs, etc)? Does a TCP connect scan cause the same problem?

-HD

On Thursday 06 December 2001 06:06 pm, Stuart wrote:
We've run a pentest against a customer recently and found that the very act of port scanning their Raptor firewall (running on NT) crippled its ability to accept incoming connections for their web site. The firewall is a new high spec PIII and the leased line is a decent size. The nmap scans were standard timing (not T5 or anything daft) - once the scans were stopped, things burst back into life within about 10 minutes.
[ snip ]
Does this ring any bells with anyone? Seems very odd to me... a portscan should not cause a DOS by itself...