Vulnerability Development mailing list archives

Re: Firewall-1 and ISA D.o.S.


From: <overclocking_a_la_abuela () hotmail com>
Date: 18 Feb 2002 12:45:52 -0000


In-Reply-To: <001201c1b805$7e74dde0$7215a9d9 () devitto com>

Hi Dom,

I know that you can increase the connections managed by the kernel of
FW-1. I will increase it to 50.000 (some time ago CheckPoint told me that
it was the limit...), but I think the problem is not in that feature. When
I send packets, I always send the same packet (same source port, same dest
port, same source address, same dest address, same sequence number, ...),
so do you think FW-1 tracks every packet received as a new connection, or
does it only refresh its state table as if there was only one connection?

Moreover, ippacket generates packets at a very high rate, and I do not
believe FW-1 (and many other firewalls) is able to manage this flood of
SYN requests.

I will try to allocate more memory in the firewall..., but I'm sure that
it will not solve the problem (maybe on a P-IV with 1GB of RAM...).

"RTFM" ---> Yes, I read it a loooong time ago, ... have you at least tried
to apply the D.o.S. that I describe?

Hugo Vázquez Caramés
Security Consultant
