Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] CheckPoint NG AI with state synchronization crashed under DDOS

To: [email protected]
Subject: [FW-1] CheckPoint NG AI with state synchronization crashed under DDOS
From: CHEUNG Kwok Ho <[email protected]>
Date: Mon, 1 Sep 2003 20:57:14 +0800
Importance: Normal
In-reply-to: <[email protected]>
References: <OF56FB22BC.A17A47DA-ON48256D56.001F0396-48256D56.001F4EFF@ca-chq.celestica.com> <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

Dear all,


  I would like to seek for advice and recommendations on NG AI +
state syncrhonization.

  There are two CheckPoint NG AI modules in my campus.  The modules are
running Windows 2000 server.  These two modules are connected together
by Foundry ServerIron switches for load balancing.  I have successfully
configured state synchronization on the CheckPoint modules.

  As a testing requirement, I need to test the CheckPoint modules under
DDOS attacks.  So I set up tfn2k to trigger a TCP SYN attack.  The
attack generated about 10Mbit/s traffic and passing through one of the
firewall.  The firewall crashed with blue screen (bad_pool_caller)
within 30 seconds.

  During the test, a large number of UDP/8116 packets (which constitutes
nearly 60Mbit/s) were flowing through the synchronization network.  If I
turned off state synchronization, then the firewalls can survive under
the same TCP SYN attack.

  I would like to ask:
  1) Could anyone give me more information about the mechanism of state
synchronization?  In particular, why 10Mbit/s traffic can lead to
60Mbit/s synchronization traffic.
  2) Does anyone try NG AI and state synchronization?  Is there any
problem so far?
  3) Is there any method to tune the state synchronization?

  Thanks in advance,

Regards,
  K.H. Cheung
  Information Technology Services Ceter
  Hong Kong University of Science & Technology

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

References:
- [FW-1] vpn checkpoint <-> ms isa-server
  - From: Helmar Pabst <[email protected]>

Prev by Date: Re: [FW-1] FW1 cpWatchDog: [ERROR] Process FWD terminated abnormally : Unhandled exception 0xc0000005 (EXCEPTION_ACCESS_VIOLATION).
Next by Date: Re: [FW-1] Migrating to Secure Platform
Previous by thread: [FW-1] vpn checkpoint <-> ms isa-server
Next by thread: Re: [FW-1] FW1 cpWatchDog: [ERROR] Process FWD terminated abnormally : Unhandled exception 0xc0000005 (EXCEPTION_ACCESS_VIOLATION).
Index(es):
- Date
- Thread