Raptor Firewall

From: Stuart (stuart.hackinfo@btinternet.com)
Date: 12/07/01


From: "Stuart" <stuart.hackinfo@btinternet.com>
To: <pen-test@securityfocus.com>
Date: Fri, 7 Dec 2001 00:06:23 -0000

We've run a pentest against a customer recently and found that the very act
of port scanning their Raptor firewall (running on NT) crippled its ability
to accept incoming connections for their web site. The firewall is a new
high spec PIII and the leased line is a decent size. The nmap scans were
standard timing (not T5 or anything daft) - once the scans were stopped,
things burst back into life within about 10 minutes.

This sounds like a lack of available connections type problem (similar to
SYN flooding) to me. The firewall was running at about 10% CPU usage at the
time and was not swapping to disk at all, also strangely, internal access
outbound to the net for web browsing seemed unaffected?

It's the latest version of Raptor and we're told it's fully patched up to
date.

Does this ring any bells with anyone? Seems very odd to me... a portscan
should not cause a DoS by itself...

thanks
Stuart
IT Security Consultant, UK
