[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Too Many Internal Hosts Detected
Well, finding that out should be (relatively) easy, shouldn't it? You ought to be able to track down the offender, since he will have to be located behind one of your inside interfaces. (Unless you don't have anti-spoofing on the external interface) Use a packet sniffer to find the MAC-address, and then try to find the real IP from that. Once you've got the right machine, you should be able to see what's going on. Cheers, Anders :) -----Original Message----- From: Thornton, Richard [mailto:[email protected]] Sent: 1. mai 2001 11:48 To: '[email protected]' Subject: [FW1] Too Many Internal Hosts Detected Group You have been excellent help to me and for that I thank you. Problem is I have another problem, wow isn't this firewall stuff great...;-) Of course this problem is not stopping the firewall from functioning, its just a nucience. Specs: Compaq Proliant Windows NT 4.0 Server (SP6a) FireWall-1 4.1 SP3 Gateway/25 5 Hosts protected by firewall I am getting the dreaded "too many internal hosts detected" the external.if file contains the name of the correct interface N1003, I have checked the table using "fw lichosts" and the majority of the addresses are foreign apart from the destination IPs of most of the foreign addresses being my internal subnets broadcast address. Also I have bounced and removed fwd.h and fwd.hosts this stops the messages for a day or so then they return. Do you think this is a small scale DOS attack as mentioned on BugTraq http://c0ke.kaizo.org/lists/bugtraq/jan-feb/0322.shtml, I remember reading something on the web about firewall-1 licensing and broadcasts is this related? Cheers Richard Thornton _________________________________________________________________ Common Services Agency Disclaimer The information contained in this message may be confidential or legally privileged and is intended for the addressee only. If you have received this message in error or there are any problems please notify the originator immediately. The unauthorised use, disclosure, copying or alteration of this message is strictly forbidden. _________________________________________________________________ ============================================================================ ==== To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|