Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Too Many Internal Hosts Detected

To: "'Thornton, Richard'" <[email protected]>, "'[email protected]'" <[email protected]>
Subject: RE: [FW1] Too Many Internal Hosts Detected
From: "Reed Mohn, Anders" <[email protected]>
Date: Thu, 3 May 2001 10:23:46 +0200
Sender: [email protected]



Well, finding that out should be (relatively) easy, shouldn't it?
You ought to be able to track down the offender, since he will 
have to be located behind one of your inside interfaces.
(Unless you don't have anti-spoofing on the external interface)
Use a packet sniffer to find the MAC-address, and then try to find
the real IP from that. Once you've got the right machine, you should
be able to see what's going on.

Cheers,
Anders :)




-----Original Message-----
From: Thornton, Richard [mailto:[email protected]]
Sent: 1. mai 2001 11:48
To: '[email protected]'
Subject: [FW1] Too Many Internal Hosts Detected



Group

You have been excellent help to me and for that I thank you.

Problem is I have another problem, wow isn't this firewall stuff great...;-)

Of course this problem is not stopping the firewall from functioning, its
just a nucience.

Specs:		Compaq Proliant
		Windows NT 4.0 Server (SP6a)
		FireWall-1 4.1 SP3 Gateway/25
		5 Hosts protected by firewall

I am getting the dreaded "too many internal hosts detected" the external.if
file contains the name of the correct interface N1003, I have checked the
table using "fw lichosts" and the majority of the addresses are foreign
apart from the destination IPs of most of the foreign addresses being my
internal subnets broadcast address.  Also I have bounced and removed fwd.h
and fwd.hosts this stops the messages for a day or so then they return.

Do you think this is a small scale DOS attack as mentioned on BugTraq
http://c0ke.kaizo.org/lists/bugtraq/jan-feb/0322.shtml, I remember reading
something on the web about firewall-1 licensing and broadcasts is this
related?

Cheers

Richard Thornton


_________________________________________________________________ 
Common Services Agency Disclaimer 

The information contained in this message may be confidential 
or legally privileged and is intended for the addressee only.  
If you have received this message in error or there are any 
problems please notify the originator immediately. 
The unauthorised use, disclosure, copying or alteration of this 
message is strictly forbidden. 
_________________________________________________________________ 



============================================================================
====
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
============================================================================
====


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] Upgrade from checkpoint 4.0 SP1 to 4.1 SP3
Next by Date: [FW1] VPN Secure Remote Client and CA
Previous by thread: RE: [FW1] Too Many Internal Hosts Detected
Next by thread: [FW1] dnsinfo.C
Index(es):
- Date
- Thread