[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] RE: Firewall attacked by IIS servers!
We'r seeing hundreds of attempts from code red hit machines to our FW. All dropped obviously but it does slow things down. I guess some people havn't caught on to it yet. Mike > -----Original Message----- > From: Russell Aspinwall [SMTP:[email protected]] > Sent: á àåâåñè 13 2001 14:41 > To: ragu nandan > Cc: [email protected] > Subject: Re: Firewall attacked by IIS servers! > > Hi Ragu, > > Start running Apache! Is IIS worth all the hassle? > > Regards > > Russell > > ragu nandan wrote: > > > Oh, never had seen a Solaris machine running CP FW 4.1 > > SP 2 brought to its knees literally. Happenned on the > > weekend. The screen just dumped "fw: halloc: unable to > > allocate 68 bytes", followed by "fw: fw_xlate_forw: > > failed to initalize the connection " and > > "fw: fw_init_xlation: ld_set forward failed". I > > couldn't stop it, had to reboot. When I did, after it > > installed the policy it would start again. I had VVM > > on the FW and Interscan VW on it, so had to eliminate > > these variables. The solaris machine was an Ultra 60 > > with a Gig of memory, so it could well handle enough > > connections. But when I ran a command that showed how > > many connections, saw 15,000!. After spending hrs with > > ISS, finally realized that I was attacked by code red > > on the ubiquitous IIS servers in the DMZ. I isolated > > DMZ, Extranet, still wouldn't stop. Isolated the > > internal network, and that when the Firewall became > > normal and connections became double-digit. So still > > patching or disconnecting all those windoze machines > > running IIS. Even now the FW is very slow and shows > > 5000 connections. Wonder anybody else had these > > experiences before. > > Any thoughts? > > Ragu > > > > __________________________________________________ > > Do You Yahoo!? > > Make international calls for as low as $.04/minute with Yahoo! Messenger > > http://phonecard.yahoo.com/ > > _______________________________________________ > > Firewalls mailing list > > [email protected] > > http://lists.gnac.net/mailman/listinfo/firewalls > > > > > > _______________________________________________ > Firewalls mailing list > [email protected] > http://lists.gnac.net/mailman/listinfo/firewalls ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|