Re: [FW-1] CheckPoint NG AI with state synchronization crashed under DDOS
The problem is not checkpoint, the problem is that you are running it on Windows 2000. A worse operating system for a firewall would be difficult to find. Windows 2000 is insecure and cannot deal with many types of DDoS attack. You're better off using a hardened version of Linux which can better deal with DDoS attacks and is a lot more secure.

-----Original Message-----
From: CHEUNG Kwok Ho [mailto:[email protected]]
Sent: 01 September 2003 13:57
To: [email protected]
Subject: [FW-1] CheckPoint NG AI with state synchronization crashed under DDOS

Dear all,

I would like to seek for advice and recommendations on NG AI + state synchronization.

There are two CheckPoint NG AI modules in my campus. The modules are running Windows 2000 server. These two modules are connected together by Foundry ServerIron switches for load balancing. I have successfully configured state synchronization on the CheckPoint modules.

As a testing requirement, I need to test the CheckPoint modules under DDOS attacks. So I set up tfn2k to trigger a TCP SYN attack. The attack generated about 10Mbit/s traffic and passing through one of the firewalls. The firewall crashed with blue screen (bad_pool_caller) within 30 seconds. During the test, a large number of UDP/8116 packets (which constitutes nearly 60Mbit/s) were flowing through the synchronization network. If I turned off state synchronization, then the firewalls can survive under the same TCP SYN attack.

I would like to ask:

1) Could anyone give me more information about the mechanism of state synchronization? In particular, why 10Mbit/s traffic can lead to 60Mbit/s synchronization traffic.
2) Does anyone try NG AI and state synchronization? Is there any problem so far?
3) Is there any method to tune the state synchronization?

Thanks in advance,

Regards,
K.H. Cheung
Information Technology Services Center
Hong Kong University of Science & Technology

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [email protected]
=================================================

Vodafone Global Content Services Limited
Registered Office: Vodafone House, The Connection, Newbury, Berkshire RG14 2FN
Registered in England No. 4064873

This e-mail is for the addressee(s) only. If you are not an addressee, you must not distribute, disclose, copy, use or rely on this e-mail or its contents, and you must immediately notify the sender and delete this e-mail and all copies from your system. Any unauthorised use may be unlawful. The information contained in this e-mail is confidential and may also be legally privileged.