Bugtraq mailing list archives

Re: WatchGuard Firewall internal D.O.S


From: karl () MAXIM CA (Karl Stevens)
Date: Mon, 2 Nov 1998 12:15:30 -0700


Hello,

We've had a Watchguard (original) for some time now, and don't see the
problem you describe.. perhaps it could be a configuration issue?

Does it happen at other ports as well, or just DNS? - And do you have
the 'outgoing' icon enabled? (if so, it could be what's causing the
problem - try just allowing specific traffic, and exclude the firewall
from the lists of allowed hosts)

FWIW, the Firebox (original, and probably II as well) is a low-end PC
running Linux 2.0.3x.. (we built a backup for ours out of an old P100
and 3com NICs :) .. applying linux know-how to the firebox might save
you some headaches..

TTUL
-Karl

ps. I agree that talking directly to Seattle Labs doesn't help much at
first, try going through your dealer - SL is much more responsive to
dealer inquiries than to end-user inquiries (it's the way they're structured...
configuration problems are handled by the dealers, technical issues are
handled by SL... since at first glance yours appears to be a
configuration issue, they might have ignored it until it goes through
proper channels..)


Who Wants To Live Forever ... wrote:

When we were testing a FireBox II (WatchGuard.. the red box)
from the internet it filtered any attack, but when we probed it from the internal
network (masquerade), it doesn't filter UDP attacks; actually, with a "pepsi"
flood spoofed as localhost at the DNS port, it goes down and stays disarmed.
We don't know if machines at the "optional" interface stay completely
vulnerable .. but it could be. We informed WatchGuard.com .. but they
don't answer.

Matias Ruiz
Patricio Laf.
www.miticos.cl
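An added example, not code from this thread or from WatchGuard: a minimal anti-spoofing ("martian") check of the kind a packet filter should apply on its internal interface, so that a datagram carrying a loopback source address on the wire, as in the flood described above, is dropped before it reaches the box's own DNS listener. The interface names, addresses and sample traffic are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

LOOPBACK = ip_network("127.0.0.0/8")
# Constructed topology: the firewall's own addresses and the network
# that legitimately sits behind its internal (masqueraded) interface.
FIREWALL_ADDRS = {ip_address("192.168.1.1"), ip_address("203.0.113.1")}
INTERNAL_NET = ip_network("192.168.1.0/24")


@dataclass
class Datagram:
    iface: str   # interface the packet arrived on
    src: str
    dst: str
    proto: str
    dport: int


def verdict(pkt: Datagram) -> str:
    """Return 'ACCEPT' or 'DROP:<reason>' for one inbound datagram."""
    src = ip_address(pkt.src)
    if pkt.iface != "lo" and src in LOOPBACK:
        # A loopback source can only ever be seen on the loopback device.
        return "DROP:loopback-source-on-wire"
    if src in FIREWALL_ADDRS:
        # The box's own addresses are excluded from the allowed-host list.
        return "DROP:firewall-address-as-source"
    if pkt.iface == "internal" and src not in INTERNAL_NET:
        return "DROP:not-from-internal-net"
    return "ACCEPT"


def summarize(pkts) -> dict:
    """Tally verdicts so a burst of dropped martians stands out in logs."""
    counts = {}
    for p in pkts:
        v = verdict(p)
        counts[v] = counts.get(v, 0) + 1
    return counts


# Constructed sample traffic, including the spoofed-localhost flood pattern.
SAMPLE = [
    Datagram("internal", "192.168.1.20", "192.168.1.1", "udp", 53),
    Datagram("internal", "127.0.0.1", "192.168.1.1", "udp", 53),
    Datagram("internal", "203.0.113.1", "192.168.1.1", "udp", 53),
    Datagram("internal", "10.9.9.9", "192.168.1.1", "udp", 53),
    Datagram("lo", "127.0.0.1", "127.0.0.1", "udp", 53),
]

if __name__ == "__main__":
    for p in SAMPLE:
        print(f"{p.iface:8} {p.src:>13} -> {p.dst}:{p.dport}/{p.proto}  {verdict(p)}")
    print(summarize(SAMPLE))
```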
