Vulnerability Development mailing list archives
Re: Firewall-1 and ISA D.o.S.
From: <overclocking_a_la_abuela () hotmail com>
Date: 18 Feb 2002 12:45:52 -0000
In-Reply-To: <001201c1b805$7e74dde0$7215a9d9 () devitto com> Hi Dom, I know that you can increase the connections managed by the kernel of FW-1, I will increase it to 50.000 ( some time ago CheckPoint said to me that it was the limit... ), but I think the problem is not on that feature. When I send packets , I send always the same packet ( same source port, same dest port, same source address, same dest address , same sequence number, ... ) so , do you think FW-1 tracks every packet received as a new connection, or it only refresh it state table as there was only one connection ? Moreover, ippacket generates packets at a very high rate, and I do not believe FW-1 ( and many other firewalls ) is able to manage this flood of SYN requests. I will try to allocate more memory in the firewall..., but I´m sure that it will not solve the problem ( maybe on a P-IV with 1GB of RAM ... ). "RTFM" ---> Yes, I read it loooong time ago, ... have you at least tried to apply the D.o.S. that I describe ? Hugo Vázquez Caramés Security Consultant
Received: (qmail 19167 invoked from network); 18
Feb 2002 06:09:17 -0000
Received: from outgoing3.securityfocus.com
(HELO outgoing.securityfocus.com) (66.38.151.27)
by mail.securityfocus.com with SMTP; 18 Feb
2002 06:09:17 -0000
Received: from lists.securityfocus.com
(lists.securityfocus.com [66.38.151.19])
by outgoing.securityfocus.com (Postfix)
with QMQP
id A4043A44ED; Sun, 17 Feb 2002
21:24:59 -0700 (MST)
Mailing-List: contact vuln-dev-
help () securityfocus com; run by ezmlm
Precedence: bulk List-Id: <vuln-dev.list-id.securityfocus.com> List-Post: <mailto:vuln-dev () securityfocus com> List-Help: <mailto:vuln-dev-
help () securityfocus com>
List-Unsubscribe: <mailto:vuln-dev-
unsubscribe () securityfocus com>
List-Subscribe: <mailto:vuln-dev-
subscribe () securityfocus com>
Delivered-To: mailing list vuln-
dev () securityfocus com
Delivered-To: moderator for vuln-
dev () securityfocus com
Received: (qmail 23554 invoked from network); 17
Feb 2002 22:47:19 -0000
From: "Dom De Vitto" <Dom () DeVitto com> To: <
Current thread:
- Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 17)
- RE: Firewall-1 and ISA D.o.S. Dom De Vitto (Feb 17)
- Re: Firewall-1 and ISA D.o.S. Lincoln Yeoh (Feb 17)
- <Possible follow-ups>
- Re: Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 18)
- RE: Firewall-1 and ISA D.o.S. Dom De Vitto (Feb 18)
- Re: Firewall-1 and ISA D.o.S. overclocking_a_la_abuela (Feb 18)
- Re: Firewall-1 and ISA D.o.S. Lincoln Yeoh (Feb 18)
- RE: Firewall-1 and ISA D.o.S. Jim Harrison (SPG) (Feb 18)