Re: Firewall-1 and ISA D.o.S.

From: overclocking_a_la_abuelaat_private
Date: Mon Feb 18 2002 - 04:45:52 PST

Next message: overclocking_a_la_abuelaat_private: "Re: Firewall-1 and ISA D.o.S."

Previous message: NyQuist: "Re: Ximian Mozilla: The 2618 Bug"
Maybe in reply to: overclocking_a_la_abuelaat_private: "Firewall-1 and ISA D.o.S."
Next in thread: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
Next in thread: overclocking_a_la_abuelaat_private: "Re: Firewall-1 and ISA D.o.S."
Reply: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

('binary' encoding is not supported, stored as-is) In-Reply-To: <001201c1b805$7e74dde0$7215a9d9at_private> Hi Dom, I know that you can increase the connections managed by the kernel of FW-1, I will increase it to 50.000 ( some time ago CheckPoint said to me that it was the limit... ), but I think the problem is not on that feature. When I send packets , I send always the same packet ( same source port, same dest port, same source address, same dest address , same sequence number, ... ) so , do you think FW-1 tracks every packet received as a new connection, or it only refresh it state table as there was only one connection ? Moreover, ippacket generates packets at a very high rate, and I do not believe FW-1 ( and many other firewalls ) is able to manage this flood of SYN requests. I will try to allocate more memory in the firewall..., but I´m sure that it will not solve the problem ( maybe on a P-IV with 1GB of RAM ... ). "RTFM" ---> Yes, I read it loooong time ago, ... have you at least tried to apply the D.o.S. that I describe ? Hugo Vázquez Caramés Security Consultant >Received: (qmail 19167 invoked from network); 18 Feb 2002 06:09:17 -0000 >Received: from outgoing3.securityfocus.com (HELO outgoing.securityfocus.com) (66.38.151.27) > by mail.securityfocus.com with SMTP; 18 Feb 2002 06:09:17 -0000 >Received: from lists.securityfocus.com (lists.securityfocus.com [66.38.151.19]) > by outgoing.securityfocus.com (Postfix) with QMQP > id A4043A44ED; Sun, 17 Feb 2002 21:24:59 -0700 (MST) >Mailing-List: contact vuln-dev- helpat_private; run by ezmlm >Precedence: bulk >List-Id: <vuln-dev.list-id.securityfocus.com> >List-Post: <mailto:vuln-devat_private> >List-Help: <mailto:vuln-dev- helpat_private> >List-Unsubscribe: <mailto:vuln-dev- unsubscribeat_private> >List-Subscribe: <mailto:vuln-dev- subscribeat_private> >Delivered-To: mailing list vuln- devat_private >Delivered-To: moderator for vuln- devat_private >Received: (qmail 23554 invoked from network); 17 Feb 2002 22:47:19 -0000 >From: "Dom De Vitto" <Domat_private> >To: <

Next message: overclocking_a_la_abuelaat_private: "Re: Firewall-1 and ISA D.o.S."
Previous message: NyQuist: "Re: Ximian Mozilla: The 2618 Bug"
Maybe in reply to: overclocking_a_la_abuelaat_private: "Firewall-1 and ISA D.o.S."
Next in thread: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
Next in thread: overclocking_a_la_abuelaat_private: "Re: Firewall-1 and ISA D.o.S."
Reply: Dom De Vitto: "RE: Firewall-1 and ISA D.o.S."
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Mon Feb 18 2002 - 08:24:22 PST