RE: [FW1] packet size too big

["Stephen MacDonald" <smacdonald@FW1-NOSPAMcomtech.com.au>]

Title: RE: [FW1] packet size too big

This information is "stolen" directly from PhoneBoy's FireWall-1 FAQ at http://www.phoneboy.com/fw1/

Hope it helps!

_________________________________________

packet size too big (65529) from 0x0a002b2e, ip_p=1

Q:  I am seeing this message repeated in /var/log/messages, on the console, and/or in the NT Event Viewer.

A:  A repetition of these messages along with high CPU utilization means you are under a fragmentation Denial of Service (DoS) attack. Check Point has released a statement regarding this DoS. Check Point has addressed this issue in FireWall-1 4.1 SP2, 4.0 SP7, and a hotfix to 4.0 SP5 on Nokia.

To make these error messages go away and to decrease the CPU utilization, enter the following command on your firewall module:

fw ctl debug -buf

Note that all kernel-related FireWall-1 messages will go into this buffer, so some ability to debug certain problems will be inhibited (for example, certain messages about NAT and kernel memory). Normal rulebase logging will not be affected by this command.

-----Original Message-----
From: Saleh M. Al-Ageel [mailto:saleh@ksu.edu.sa]
Sent: Saturday, 28 April 2001 10:17 PM
To: fw-1-mailinglist@beethoven.us.checkpoint.com
Subject: [FW1] packet size too big

Dear all

I have checkpoint installed under solaris 2.6 and I got this message come on the console

FW-1 : packet size too big .

any idea will be appreciated .

Saleh Al-Ageel

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

======================================================================
This email message has been swept by MIMEsweeper.