Bugtraq mailing list archives
Re: Simple DOS attack on FW-1
From: jason.rhoads () SABERNET NET (Jason R. Rhoads)
Date: Fri, 30 Jul 1999 18:48:00 -0700
I have written a small perl script, fwconwatch.pl to monitor the status of the FW-1 connection table. When the table reaches a predefined limit, the script sends an alert and emails a listing of the top connection source addresses. The script also monitors CPU utilization as I have found this to be another good indicator of abnormal activity.

Once the script has been configured and tested, it can be added to the /etc/init.d/firewall1 script:

#!/bin/sh
# FW-1 Start
if [ -f /etc/fw/bin/fwstart ]; then
    FWDIR=/etc/fw
    export FWDIR
    /etc/fw/bin/fwstart
    /etc/fw/bin/fwconwatch.pl&
fi
# FW-1 END

fwconwatch can be found here: http://www.sabernet.net/software/

Lance Spitzner's fwtable.pl script is used to list the top connection sources which can be found here: http://www.enteract.com/~lspitz/fwtable.html

Regards,
Jason
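The check described in the post (alert when the connection table nears a limit, then report the top source addresses) can be sketched as follows. This is an added example, not part of the original message and not the code of fwconwatch.pl or fwtable.pl. It assumes the table has already been decoded into "src sport dst dport" text lines; that format, the function names, the limit and the 80% alert fraction are all hypothetical.

```python
from collections import Counter

def parse_sources(lines):
    """Yield the source address of each 'src sport dst dport' row (assumed format)."""
    for line in lines:
        fields = line.split()
        if len(fields) != 4 or fields[0].startswith("#"):
            continue  # skip comments, blanks and malformed rows
        yield fields[0]

def check_table(lines, table_limit, alert_fraction=0.8, top_n=3):
    """Return (alert, used, top_sources) for one snapshot of the table."""
    sources = Counter(parse_sources(lines))
    used = sum(sources.values())
    # Alert before the table is full, while new connections can still be accepted.
    alert = used >= table_limit * alert_fraction
    return alert, used, sources.most_common(top_n)

def format_alert(used, table_limit, top_sources):
    """Build the text an alert mail could carry."""
    pct = 100.0 * used / table_limit
    rows = [f"connection table at {used}/{table_limit} ({pct:.0f}%)",
            "top connection sources:"]
    rows += [f"  {addr:<15} {count}" for addr, count in top_sources]
    return "\n".join(rows)

# Constructed snapshot using documentation address ranges: one source holds
# most of the entries, which is the pattern the top-sources listing exposes.
SAMPLE = (
    [f"192.0.2.10 {1024 + i} 203.0.113.5 80" for i in range(17)]
    + ["198.51.100.7 4000 203.0.113.5 25",
       "198.51.100.7 4001 203.0.113.5 25",
       "198.51.100.9 5000 203.0.113.6 53",
       "# comment row",
       "truncated row"]
)

if __name__ == "__main__":
    LIMIT = 24  # hypothetical table size, kept small for the demonstration
    alert, used, top = check_table(SAMPLE, LIMIT)
    if alert:
        print(format_alert(used, LIMIT, top))
```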