[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Land attack on my FW. Any help identifying?
Land attacks are detected as part of the IDS function of the checkpoint firewall. CPMAD (malicious activity detection) will detect this attack -- which is when the source ip and the destination ip address are the same. This used to send many machines into a loop until they crashed. I do not know how vulnerable systems are these days. If 108.122.0.0 is the address in question, you can sniff different parts of your network and try and figure out which machine is initiating the traffic and pursue it from that angle. The work involved will depend on how complex your network is and what kind of monitoring tools you have in place. ----- Original Message ----- From: "Hal Dorsman" <[email protected]> To: <[email protected]> Sent: Tuesday, June 18, 2002 5:49 PM Subject: [FW-1] Land attack on my FW. Any help identifying? > I am seeing land attack traffic, no service, source=127.0.0.*, > destination= 108.122.0.0. Everything is getting dropped by rule 0, > but I am unsure if I can do anything. The odd part is all traffice is > showing up on one of my internal interfaces. Any tips? > > Thanks, > > Hal > > Hal Dorsman > Data Network Engineer > Blackfoot Telephone Cooperative > [email protected] >> > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [email protected] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [email protected] > ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|