
Re: [FW-1] Potential DOS against FW-1 logging?



Funny. I tried faking the source and destination ports to anything over
65000 but hping2 does not seem to craft the right kind of packets. It
accepts any values for source and destination port but in the firewall log
the source port is shown to be a port in the range of 19000.



-----Original Message-----
From: Nico De Ranter [mailto:[email protected]]
Sent: Wednesday, July 16, 2003 10:45 AM
To: [email protected]
Subject: [FW-1] Potential DOS against FW-1 logging?


Hi guys,

just noticed something weird. My FW-1 logging just started giving
some totally bogus messages and then died. Anybody else seen this kind
of behaviour?  Not sure whether it's a local thing on my server
or something induced by a strange packet on the network.

Date: Oct 28, 1983
17:46:56 drop   210.10.17.0 >    src 255.0.36.0 s_port 79735037 dst
253.63.20.239 serviceproto icmp rule 0
Date: Mar 24, 2024
11:27:17 drop   76.195.0.45 >    src 1.192.168.253 s_port -46197521 dst
195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst
255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum
-50331641 NAT_addtnl_rulenumrule 16777216 fstring: log string
length 21436 >= 4096, truncated


Addresses are totally bogus, interface is missing, port numbers don't make
sense...

I'm running NG FP3 on Solaris.

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

   All contents © 2004 Network Presence, LLC. All rights reserved.