Penetration Testing mailing list archives
Re: Raptor Firewall
From: Lambott () aol com
Date: Fri, 07 Dec 2001 05:03:35 EST
Stuart, I've come across a similar problem in the course of a PenTest using the #nmap -sU option (UDP scan) It appears there is no fix till date. You will find more info. on http://xforce.iss.net/static/7484.php http://www.remote-exploit.org/downloads.php Feel free to contact me directly to discuss. Taiye Lambo, CISSP Principal Security Consultant CyberCops Europe (UK) Mobile: 07958 430 094 In a message dated Fri, 7 Dec 2001 06:07:24 Greenwich Mean Time, "Stuart" <stuart.hackinfo () btinternet com> writes:
We've run a pentest against a customer recently and found that the very act of port scanning their Raptor firewall (running on NT) crippled its ability to accept incoming connections for their web site. The firewall is a new high spec PIII and the least line is a decent size. The nmap scans were standard timing (not T5 or anything daft) - once the scans were stopped, things burst back in to life within about 10minutes. This sounds like a lack of available connections type problem (similar to SYN flooding) to me. The firewall was running at about 10% CPU usage at the time and was not swapping to disk at all, also strangely, internal access outbound to the net for web browsing seemed unaffected? Its the latest version of Raptor and we're told its fully patched up to date. Does this ring any bells with anyone? Seems very odd to me... a portscan should not cause a DOS by itself... thanks Stuart IT Security Consultant, UK ---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
---------------------------------------------------------------------------- This list is provided by the SecurityFocus Security Intelligence Alert (SIA) Service. For more information on SecurityFocus' SIA service which automatically alerts you to the latest security vulnerabilities please see: https://alerts.securityfocus.com/
Current thread:
- Re: Raptor Firewall Lambott (Dec 10)
- <Possible follow-ups>
- Re: Raptor Firewall bluefur0r bluefur0r (Dec 10)