[15700] in bugtraq
Re: CheckPoint FW1 BUG (fwd)
daemon@ATHENA.MIT.EDU (Kis-Szabo Andras)
Mon Jul 10 02:57:55 2000
Mime-Version: 1.0
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Message-Id: <20000708110129.B26781@sch.bme.hu>
Date: Sat, 8 Jul 2000 11:01:29 +0200
Reply-To: Kis-Szabo Andras <kisza@SCH.BME.HU>
From: Kis-Szabo Andras <kisza@SCH.BME.HU>
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <Pine.GSO.4.21.0007070909001.16655-100000@mail>; from
bgreenbaum@SECURITYFOCUS.COM on Fri, Jul 07,
2000 at 09:15:33AM -0700
Hi,
> If you flood port 264 ( FW1_topo ) from your local network, the Firewall-1
> CPU reaches 100% and nobody can connect with GUI ( neither on the firewall
> itself ).
> The test has been done on a local 10 MB Ethernet against a PII 266 256 MB,
> FW1 4.1 SP1 in a NT 4.0 SP4 with the ippacket software and spoofing the
> source IP, and that4s the packet sent :
I've got 2 question:
- is the DoS present on SUN/Solaris platforms? ( || only NT?)
- if You deny the FireWall-1 controll connections on the
properties screen, and add the minimum rules to the rulebase
with specify the explicit src/dst addressess (and controll protocolls)
, stops the DoS, or not? (CheckPoint using the interface correctly?)
REgards,
kisza
--
Kis-Szabo Andras Budapest University of Technology and Economics
---------------------------/ Schonherz Dormitory
kisza@sch.bme.hu /---------------------------------33O-->>>>.Info
