Vulnerability Development mailing list archives

Re: kernel panic [linux 2.2.19-7] on UDP scan CP4.1-SP5


From: ed.rolison () power alstom com
Date: Wed, 14 Nov 2001 16:05:59 +0000


Checkpoint does crash when being portscanned. Well, sort of.
Quite simply, when a (stateful) firewall has too many entries in the state
table (i.e. it's full) then the box has problems.
In the case of Checkpoint (or at least, this was the case a few versions
ago) it will crash. (And incidentally, if you are synchronising the
state table with another firewall for the purposes of failover, then
they'll both crash.)
IIRC about 25000 connections will do this (less if you are using NAT).
Checkpoint also holds the 'state entries' for 50 seconds after the
connection is closed (i.e. FIN packets are seen), so you have a while to
reach the magic number.

My experience was with a Nokia IP440/Checkpoint Firewall-4.1SP3, but it
sounds as if the same situation may be occurring.



