Bugtraq mailing list archives
Re: NT DoS on FW-1
From: hargett () WINTERMUTE CITYSCAPE NET (Matt Hargett)
Date: Sun, 21 Feb 1999 17:43:44 -0600
This issue can be fixed by simply implementing a stealthing rule on the firewall itself. The problem is in NT's stack, not the FireWalls. Jamie Thain wrote:Timothy,I was running nmap against a client's Checkpoint FW-1 when they called to inform me that it had crashed. I was not on site so unfortunately I have little details.I have seen this befor where a high speed port scanner running against
a
FW-1 on NT seems to crash it. FW-1 does not exhibit this behaviour on Sun. You may want to check and make sure you have the most recent
patch
level. That information is on the FW-1 site.I DO know that they were running it on a NT box and it was behind a Cisco 3640.
I have done a bit of testing using nmap against NT 4.0 with SP4. My findings were that plain NT 4.0 SP4 doesn't crash/behave erratically by itself with the many instances of nmap options that I tried. Certainly not a simple SYN scan with OS fingerprinting. What exactly is the problem in NT's stack and how exactly can you measure it's adverse reaction? I was looking under task manager at the nonpaged kernel memory, process, thread, and handle counts. ----------------------------------------- Matt Hargett http://www.cityscape.net/~hargett matt () use net sex on the TV, everybody's at it and the mind gets dirty as you get closer to thirty
Current thread:
- Re: NT DoS on FW-1 Malikai (Feb 15)
- Canc0n99/2k HWA Staff (Feb 16)
- Quake client killer Tim Fletcher (Feb 16)
- Quakeworld client killer followup Tim Fletcher (Feb 18)
- Re: NT DoS on FW-1 cbrenton (Feb 16)
- <Possible follow-ups>
- Re: NT DoS on FW-1 Matt Hargett (Feb 21)