Re: Firewall-1 and ISA D.o.S.
From: overclocking_a_la_abuela@hotmail.comDate: 02/18/02
- Previous message: overclocking_a_la_abuela@hotmail.com: "Re: Firewall-1 and ISA D.o.S."
- Maybe in reply to: overclocking_a_la_abuela@hotmail.com: "Firewall-1 and ISA D.o.S."
- Next in thread: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
- Next in thread: Jim Harrison (SPG): "RE: Firewall-1 and ISA D.o.S."
- Reply: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: 18 Feb 2002 12:45:52 -0000 From: <overclocking_a_la_abuela@hotmail.com> To: vuln-dev@securityfocus.com('binary' encoding is not supported, stored as-is)
In-Reply-To: <001201c1b805$7e74dde0$7215a9d9@devitto.com>
Hi Dom,
I know that you can increase the connections
managed by the kernel of FW-1, I will increase it to
50.000 ( some time ago CheckPoint said to me that it
was the limit... ), but I think the problem is not on that
feature. When I send packets , I send always the
same packet ( same source port, same dest port,
same source address, same dest address , same
sequence number, ... ) so , do you think FW-1 tracks
every packet received as a new connection, or it only
refresh it state table as there was only one
connection ?
Moreover, ippacket generates packets at a very high
rate, and I do not believe FW-1 ( and many other
firewalls ) is able to manage this flood of SYN
requests.
I will try to allocate more memory in the firewall..., but
I´m sure that it will not solve the problem ( maybe on
a P-IV with 1GB of RAM ... ).
"RTFM" ---> Yes, I read it loooong time ago, ... have
you at least tried to apply the D.o.S. that I describe ?
Hugo Vázquez Caramés
Security Consultant
>Received: (qmail 19167 invoked from network); 18
Feb 2002 06:09:17 -0000
>Received: from outgoing3.securityfocus.com
(HELO outgoing.securityfocus.com) (66.38.151.27)
> by mail.securityfocus.com with SMTP; 18 Feb
2002 06:09:17 -0000
>Received: from lists.securityfocus.com
(lists.securityfocus.com [66.38.151.19])
> by outgoing.securityfocus.com (Postfix)
with QMQP
> id A4043A44ED; Sun, 17 Feb 2002
21:24:59 -0700 (MST)
>Mailing-List: contact vuln-dev-
help@securityfocus.com; run by ezmlm
>Precedence: bulk
>List-Id: <vuln-dev.list-id.securityfocus.com>
>List-Post: <mailto:vuln-dev@securityfocus.com>
>List-Help: <mailto:vuln-dev-
help@securityfocus.com>
>List-Unsubscribe: <mailto:vuln-dev-
unsubscribe@securityfocus.com>
>List-Subscribe: <mailto:vuln-dev-
subscribe@securityfocus.com>
>Delivered-To: mailing list vuln-
dev@securityfocus.com
>Delivered-To: moderator for vuln-
dev@securityfocus.com
>Received: (qmail 23554 invoked from network); 17
Feb 2002 22:47:19 -0000
>From: "Dom De Vitto" <Dom@DeVitto.com>
>To: <
- Previous message: overclocking_a_la_abuela@hotmail.com: "Re: Firewall-1 and ISA D.o.S."
- Maybe in reply to: overclocking_a_la_abuela@hotmail.com: "Firewall-1 and ISA D.o.S."
- Next in thread: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
- Next in thread: Jim Harrison (SPG): "RE: Firewall-1 and ISA D.o.S."
- Reply: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
