[8377] in bugtraq
Re: WatchGuard Firewall internal D.O.S
daemon@ATHENA.MIT.EDU (Karl Stevens)
Tue Nov 3 18:49:48 1998
Date: Mon, 2 Nov 1998 12:15:30 -0700
Reply-To: Karl Stevens <karl@MAXIM.CA>
From: Karl Stevens <karl@MAXIM.CA>
X-To: "Who Wants To Live Forever ..." <mruiz@ING.UMAYOR.CL>
To: BUGTRAQ@NETSPACE.ORG
Hello,
We've had a Watchguard (original) for some time now, and don't see the
problem you describe... perhaps it could be a configuration issue?
Does it happen at other ports as well, or just DNS? - And do you have
the 'outgoing' icon enabled? (if so, it could be what's causing the
problem - try just allowing specific traffic, and exclude the firewall
from the lists of allowed hosts)
FWIW, the Firebox (original, and probably II as well) is a low-end PC
running Linux 2.0.3x... (we built a backup for ours out of an old P100
and 3com NICs :) ... applying Linux know-how to the Firebox might save
you some headaches...
TTUL
-Karl
P.S. I agree that talking directly to Seattle Labs doesn't help much at
first; try going through your dealer - SL is much more responsive to
dealer inquiries than to those from end-users (it's the way they're
structured... configuration problems are handled by the dealers, technical
issues are handled by SL... since at first glance yours appears to be a
configuration issue, they might have ignored it until it goes through
proper channels...)
Who Wants To Live Forever ... wrote:
>
> When we were testing a FireBox II (WatchGuard... the red box)
> from the internet it filtered any attack, but when we probed it from the
> internal network (masquerade), it doesn't filter UDP attacks; actually, with
> a "pepsi" flood spoofed as localhost at the DNS port, it goes down and
> stays disarmed.
> We don't know if machines on the "optional" interface stay completely
> vulnerable... but it could be. We informed WatchGuard.com... but they
> don't answer.
>
> Matias Ruiz
> Patricio Laf.
> www.miticos.cl
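The thread above describes a UDP flood arriving on the masqueraded (internal) interface with a forged 127.0.0.1 source aimed at the firewall's own DNS port, and Karl's suggestion is to allow only specific outgoing traffic and keep the firewall itself out of the allowed-host list. The script below is an added example of the two checks a packet filter needs to make that advice concrete: an anti-spoofing pass that rejects source addresses that cannot legitimately arrive on a given interface (loopback sources off the loopback device, the firewall's own addresses, internal addresses on the wrong side), followed by an explicit outgoing allow list that never accepts the firewall as a destination. It is not code from the Firebox, WatchGuard, or either poster; the interface names, addresses, allow list and sample traffic are all assumptions constructed for illustration.

```python
"""
Anti-spoofing and allow-list checks for packets arriving on a firewall's
internal (masqueraded) interface.  Added example, not Firebox or poster
code; interface names, addresses, the allow list and the sample traffic
are assumptions made up for illustration.
"""
import ipaddress
from collections import Counter
from dataclasses import dataclass

# Assumed topology (hypothetical): eth0 outside, eth1 inside, eth2 optional.
EXTERNAL_IF, INTERNAL_IF, OPTIONAL_IF = "eth0", "eth1", "eth2"
INTERNAL_NET = ipaddress.ip_network("192.168.1.0/24")
OPTIONAL_NET = ipaddress.ip_network("192.168.2.0/24")
FIREWALL_ADDRS = {
    ipaddress.ip_address("203.0.113.2"),  # assumed outside address
    ipaddress.ip_address("192.168.1.1"),  # assumed inside address
    ipaddress.ip_address("192.168.2.1"),  # assumed optional-network address
}
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
IF_NETS = {INTERNAL_IF: INTERNAL_NET, OPTIONAL_IF: OPTIONAL_NET}

# Explicit outgoing allow list of (proto, dst port); the restrictive
# alternative to a permissive "allow any outgoing" setting.
ALLOWED_OUTGOING = {("udp", 53), ("tcp", 80), ("tcp", 443), ("tcp", 25)}


@dataclass(frozen=True)
class Packet:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str   # "udp" or "tcp"
    dport: int


def antispoof(pkt):
    """Return a reason string if the source address cannot legitimately
    arrive on pkt.iface, else None.  Runs before any service policy."""
    src = ipaddress.ip_address(pkt.src)
    if src in LOOPBACK and pkt.iface != "lo":
        return "loopback source on a non-loopback interface"
    if src in FIREWALL_ADDRS:
        return "source claims to be the firewall itself"
    expected = IF_NETS.get(pkt.iface)
    if expected is not None and src not in expected:
        return f"source {pkt.src} not in {expected} behind {pkt.iface}"
    if pkt.iface == EXTERNAL_IF and any(src in n for n in IF_NETS.values()):
        return "internal address arriving on the external interface"
    return None


def verdict(pkt, allow_any_outgoing=False):
    """Accept/drop decision for one packet.  allow_any_outgoing=True mirrors
    a permissive 'anything from inside may go out' rule; False uses the
    explicit allow list.  In both modes the firewall's own addresses are
    never an allowed destination for inside hosts."""
    reason = antispoof(pkt)
    if reason is not None:
        return "drop: " + reason
    dst = ipaddress.ip_address(pkt.dst)
    if pkt.iface in IF_NETS:
        if dst in FIREWALL_ADDRS:
            return "drop: firewall excluded from allowed hosts"
        if allow_any_outgoing or (pkt.proto, pkt.dport) in ALLOWED_OUTGOING:
            return "accept"
        return "drop: not in outgoing allow list"
    return "drop: default deny"


def summarize(packets, allow_any_outgoing=False):
    """Run verdict() over a packet stream and count outcomes per verdict."""
    return Counter(verdict(p, allow_any_outgoing) for p in packets)


# Constructed sample traffic: three genuine DNS queries from a LAN host to an
# outside resolver, a burst of UDP/53 packets with a forged 127.0.0.1 source
# arriving on the inside interface and aimed at the firewall's inside address,
# one LAN query sent to the firewall itself, and one packet from an address
# that does not belong behind the inside interface.
SAMPLE = (
    [Packet(INTERNAL_IF, "192.168.1.20", "198.51.100.53", "udp", 53)] * 3
    + [Packet(INTERNAL_IF, "127.0.0.1", "192.168.1.1", "udp", 53)] * 200
    + [Packet(INTERNAL_IF, "192.168.1.20", "192.168.1.1", "udp", 53)]
    + [Packet(INTERNAL_IF, "10.9.9.9", "198.51.100.53", "udp", 53)]
)

if __name__ == "__main__":
    for outcome, count in summarize(SAMPLE).most_common():
        print(f"{count:4d}  {outcome}")
```

The order matters: the anti-spoofing pass is evaluated before the allow list, so the forged-loopback burst is dropped whether or not the permissive outgoing rule is on, while a legitimately sourced query to the firewall's own address is stopped by the allowed-host exclusion. If the firewall also runs a DNS proxy for the LAN, that exclusion would have to be relaxed for UDP/53 from the internal net only, with the anti-spoofing pass left in place.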