Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] RE: Firewall attacked by IIS servers!

To: "'fw-1 listserv'" <[email protected]>
Subject: [FW1] RE: Firewall attacked by IIS servers!
From: Mike Glassman - Admin <[email protected]>
Date: Mon, 13 Aug 2001 16:06:40 +0200
Sender: [email protected]

We'r seeing hundreds of attempts from code red hit machines to our FW.

All dropped obviously but it does slow things down.

I guess some people havn't caught on to it yet.

Mike

> -----Original Message-----
> From:	Russell Aspinwall [SMTP:[email protected]]
> Sent:	á àåâåñè 13 2001 14:41
> To:	ragu nandan
> Cc:	[email protected]
> Subject:	Re: Firewall attacked by IIS servers!
> 
> Hi Ragu,
> 
> Start running Apache!  Is IIS worth all the hassle?
> 
> Regards
> 
> Russell
> 
> ragu nandan wrote:
> 
> > Oh, never had seen a Solaris machine running CP FW 4.1
> > SP 2 brought to its knees literally. Happenned on the
> > weekend. The screen just dumped "fw: halloc: unable to
> > allocate 68 bytes", followed by "fw: fw_xlate_forw:
> > failed to initalize the connection " and
> > "fw: fw_init_xlation: ld_set forward failed". I
> > couldn't stop it, had to reboot. When I did, after it
> > installed the policy it would start again. I had VVM
> > on the FW and Interscan VW on it, so had to eliminate
> > these variables. The solaris machine was an Ultra 60
> > with a Gig of memory, so it could well handle enough
> > connections. But when I ran a command that showed how
> > many connections, saw 15,000!. After spending hrs with
> > ISS, finally realized that I was attacked by code red
> > on the ubiquitous IIS servers in the DMZ. I isolated
> > DMZ, Extranet, still wouldn't stop. Isolated the
> > internal network, and that when the Firewall became
> > normal and connections became double-digit. So still
> > patching or disconnecting all those windoze machines
> > running IIS. Even now the FW is very slow and shows
> > 5000 connections. Wonder anybody else had these
> > experiences before.
> > Any thoughts?
> > Ragu 
> > 
> > __________________________________________________
> > Do You Yahoo!?
> > Make international calls for as low as $.04/minute with Yahoo! Messenger
> > http://phonecard.yahoo.com/
> > _______________________________________________
> > Firewalls mailing list
> > [email protected]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> > 
> > 
> 
> _______________________________________________
> Firewalls mailing list
> [email protected]
> http://lists.gnac.net/mailman/listinfo/firewalls


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: RE: [FW1] FW Log Reporting
Next by Date: Re: [FW1] Address Range as part of Security Police?
Previous by thread: [FW1] Study Guides for CCSE??????
Next by thread: RE: [FW1] RE: Firewall attacked by IIS servers!
Index(es):
- Date
- Thread