[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] packet size too big
Title: RE: [FW1] packet size too big This information is "stolen" directly from PhoneBoy's FireWall-1 FAQ at http://www.phoneboy.com/fw1/ Hope it helps! _________________________________________ packet size too big (65529) from 0x0a002b2e, ip_p=1 Q: I am seeing this message repeated in /var/log/messages, on the console, and/or in the NT Event Viewer. A: A repetition of these messages along with high CPU utilization means you are under a fragmentation Denial of Service (DoS) attack. Check Point has released a statement regarding this DoS. Check Point has addressed this issue in FireWall-1 4.1 SP2, 4.0 SP7, and a hotfix to 4.0 SP5 on Nokia. To make these error messages go away and to decrease the CPU utilization, enter the following command on your firewall module: fw ctl debug -buf Note that all kernel-related FireWall-1 messages will go into this buffer, so some ability to debug certain problems will be inhibited (for example, certain messages about NAT and kernel memory). Normal rulebase logging will not be affected by this command. -----Original Message-----
Dear all I have checkpoint installed under solaris 2.6 and I got this message come on the console FW-1 : packet size too big . any idea will be appreciated . Saleh Al-Ageel ================================================================================
|