Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Potential DOS against FW-1 logging?

To: [email protected]
Subject: Re: [FW-1] Potential DOS against FW-1 logging?
From: Nico De Ranter <[email protected]>
Date: Wed, 16 Jul 2003 08:54:40 +0200
In-reply-to: <[email protected]>; from [email protected] on Wed, Jul 16, 2003 at 08:45:20AM +0200
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mutt/1.2.5.1i

Found the problem. The problem was local:

  NOTICE: alloc: /log: file system full

Sigh...  Sorry to bother you with this.

Nico

On Wed, Jul 16, 2003 at 08:45:20AM +0200, Nico De Ranter wrote:
> Hi guys,
>
> just noticed something weird. My FW-1 logging just started giving
> some totaly bogus messages and then died. Anybody else seen this kind
> of behaviour?  Not sure whether it's a local thing on my server
> or something induced by a strange packet on the network.
>
> Date: Oct 28, 1983
> 17:46:56 drop   210.10.17.0 >    src 255.0.36.0 s_port 79735037 dst 253.63.20.239 serviceproto icmp rule 0
> Date: Mar 24, 2024
> 11:27:17 drop   76.195.0.45 >    src 1.192.168.253 s_port -46197521 dst 195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst 255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum -50331641 NAT_addtnl_rulenumrule 16777216 fstring: log string length 21436 >= 4096, truncated
>
>
> Addresses are totaly bogus, interface is missing, port numbers don't make sense...
>
> I'm running NG FP3 on Solaris.
>
> Nico
>
> ---------------------------------------------------------
>  "It has been said that there are only two businesses that
>   refer to customers as users: illegal drug trade and
>                the computer industry."
> ---------------------------------------------------------
> Nico De Ranter
> Senior System Administrator
> Sony Service Center (NSCE/VPE-B)
> Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
> 1130 Brussel (Bruxelles), Belgium, Europe, Earth
> Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
> e-mail: [email protected]
---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] Potential DOS against FW-1 logging?
  - From: Nico De Ranter <[email protected]>

Prev by Date: [FW-1] Potential DOS against FW-1 logging?
Next by Date: Re: [FW-1] Potential DOS against FW-1 logging?
Previous by thread: [FW-1] Potential DOS against FW-1 logging?
Next by thread: Re: [FW-1] Potential DOS against FW-1 logging?
Index(es):
- Date
- Thread