Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Land attack on my FW. Any help identifying?

To: [email protected]
Subject: Re: [FW-1] Land attack on my FW. Any help identifying?
From: BillO <[email protected]>
Date: Tue, 18 Jun 2002 23:39:00 -0400
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Land attacks are detected as part of the IDS function of the checkpoint
firewall.  CPMAD (malicious activity detection) will detect this attack --
which is when the source ip and the destination ip address are the same.
This used to send many machines into a loop until they crashed.  I do not
know how vulnerable systems are these days.

If 108.122.0.0 is the address in question, you can sniff different parts of
your network and try and figure out which machine is initiating the traffic
and pursue it from that angle.  The work involved will depend on how complex
your network is and what kind of monitoring tools you have in place.

----- Original Message -----
From: "Hal Dorsman" <[email protected]>
To: <[email protected]>
Sent: Tuesday, June 18, 2002 5:49 PM
Subject: [FW-1] Land attack on my FW. Any help identifying?


> I am seeing land attack traffic, no service, source=127.0.0.*,
> destination= 108.122.0.0.  Everything is getting dropped by rule 0,
> but I am unsure if I can do anything.  The odd part is all traffice is
> showing up on one of my internal interfaces.   Any tips?
>
> Thanks,
>
> Hal
>
> Hal Dorsman
> Data Network Engineer
> Blackfoot Telephone Cooperative
> [email protected]
>>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [email protected]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [email protected]
> =================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Land attack on my FW. Any help identifying?
  - From: Hal Dorsman <[email protected]>

Prev by Date: Re: [FW-1] IP440 sluggish performance after not being rebooted for weeks.
Next by Date: Re: [FW-1] Question on ip forwarding
Previous by thread: [FW-1] Land attack on my FW. Any help identifying?
Next by thread: [FW-1] Pete Mulhern/GS/UK/Zurich is out of the office.
Index(es):
- Date
- Thread