[3596] in bugtraq
Bos: Firewall-1 ping bug...?
daemon@ATHENA.MIT.EDU (Eduardo E. Silva)
Fri Nov 8 22:48:33 1996
Date: Fri, 8 Nov 1996 11:09:51 -0800
Reply-To: "Eduardo E. Silva" <esilva@NETCOM.COM>
From: "Eduardo E. Silva" <esilva@NETCOM.COM>
X-To: BUGTRAQ@crimelab.com
To: Multiple recipients of list BUGTRAQ <BUGTRAQ@netspace.org>
Hello,
I just got this from Bos, and I don't have access to a Firewall-1. I'll
try to ask some friends that do have several of these things installed
and see if we can replicate the problem...I think one way to prevent this
from attacking the Firewall-1 is to have the router filter the ping attack.
Cisco already has patches and recommendations in doing so.
--- o< -------------- o< ---------------
Resent-Sender: best-of-security-request@suburbia.net
Subject: BoS: firewall-1's problem
Status: RO
Hi all,
In testing a Solstice's firewall-1 (release 2) I found the following:
The firewall's filter rules block all inbound traffic, including ICMP
packets. However, when pinging the firewall with ping -l 70000,
firewall-1's GUI somehow seemed to crash as well as all the filter
rules.
At the same time with pinging I was able to telnet to the firewall and
thus bypass the filter rules (which seem to be crashed with the GUI).
After several minutes the GUI came back to life as well as the filter
rules, but it was too late by then!!!
More tests seem to reveal there's a problem with the logging facilities
of FW-1. It was so busy logging the ping, it "forgot" to do anything
else.....:-))
Can somebody help me out on this one? Has anybody encountered the same
thing happening? Is it a problem with FW-1's use of syslog or is it a
bug???
Thanks in advance,
Arjan Vos
KPMG EDP Auditors
avos@kpmg.nl
------ o< --------------------- o< -------------- o< --------------
--
_
/\o/\
Thanks! / <_> \
/^^/ \^^\
-Ed /___\
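
A check a filtering device can apply to the oversized ping discussed in this thread, as an added example (not from the original posts or any vendor's code): it flags an ICMP fragment whose offset plus length implies a reassembled datagram longer than the 65535-byte IPv4 maximum. The headers are constructed samples and the function names are hypothetical.

```python
import struct

MAX_DATAGRAM = 65535  # IPv4 total length is a 16-bit field
ICMP = 1              # IP protocol number for ICMP

def fragment_extent(header: bytes):
    """Return (protocol, implied reassembled datagram length) for one IPv4 fragment."""
    if len(header) < 20:
        raise ValueError("truncated IPv4 header")
    ver_ihl, _tos, total_len, _id, flags_frag, _ttl, proto = struct.unpack(
        "!BBHHHBB", header[:10])
    ihl = (ver_ihl & 0x0F) * 4
    if ver_ihl >> 4 != 4 or ihl < 20 or total_len < ihl:
        raise ValueError("malformed IPv4 header")
    offset = (flags_frag & 0x1FFF) * 8   # fragment offset is counted in 8-byte units
    payload = total_len - ihl
    return proto, ihl + offset + payload

def is_oversized_icmp(header: bytes) -> bool:
    """True if this ICMP fragment would push the reassembled datagram past 65535 bytes."""
    proto, end = fragment_extent(header)
    return proto == ICMP and end > MAX_DATAGRAM

def sample_header(offset_bytes: int, payload_len: int, more_fragments: bool) -> bytes:
    """Constructed 20-byte IPv4/ICMP header (checksum left 0, documentation addresses)."""
    flags_frag = (0x2000 if more_fragments else 0) | (offset_bytes // 8)
    return struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0x1234,
                       flags_frag, 64, ICMP, 0,
                       bytes([192, 0, 2, 10]), bytes([198, 51, 100, 1]))

# Constructed samples: a normal echo, a middle fragment, and a final fragment
# whose offset + length runs past the 65535-byte limit.
SAMPLES = [
    sample_header(0, 64, False),
    sample_header(1480, 1480, True),
    sample_header(65120, 1480, False),
]

def flagged(headers):
    """Indexes of the headers that should be dropped before reassembly."""
    return [i for i, h in enumerate(headers) if is_oversized_icmp(h)]

if __name__ == "__main__":
    print("drop fragments at indexes:", flagged(SAMPLES))
```

The check works per fragment, so a filter can drop the offending fragment without reassembling or buffering the datagram.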