Bugtraq mailing list archives
Possible Watchguard Firebox II DoS
From: Raptor <raptor () 0XDEADBEEF EU ORG>
Date: Thu, 16 Nov 2000 16:44:31 +0100
Hi,

I've recently played with the Watchguard Firebox II firewall and discovered a nasty behaviour. Launching a simple connect() flooder against the FTP proxy of the firewall (I haven't tested other services), the port hangs and so do all other services (also the Watchguard remote administration daemon, on port 4105/tcp): the firewall load becomes about 100% and it needs to be rebooted. Filtering and dynamic rules update seem to continue working after the attack.

I've verified the DoS both on LAN and on the Internet, but it's important to say FTP proxy from the untrusted interface is NOT enabled by default.

Here is the program I've used (a simple lame proggie from packet storm); use it in this way to reproduce the bug:

    ./hammer2k <ip_of_the_firewall> -ftp -A

Wait about 30 secs and stop the DoS: the firewall services should have been disabled.

Cheers,
:raptor
Antifork Research @ Mediaservice.net srl
http://raptor.antifork.org
http://www.mediaservice.net
Attachment:
hammer2k.c
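For defenders monitoring a proxy exposed like the one in the post, the following is an added example (not part of the original message or its attachment) of a sliding-window detector that flags a source opening connections to the FTP proxy port faster than a threshold. The log format, threshold, and IP addresses are constructed assumptions; the 30-second window mirrors the interval mentioned in the post.

```python
from collections import defaultdict, deque

WINDOW_S = 30    # assumption: mirrors the ~30 s interval mentioned in the post
THRESHOLD = 20   # assumption: max new connections per source per window
PROXY_PORT = 21  # FTP proxy port discussed in the post

def parse(line):
    """Parse a constructed log record: '<epoch_seconds> <src_ip> <dst_port>'."""
    ts, src, port = line.split()
    return float(ts), src, int(port)

def detect_connect_flood(lines, window=WINDOW_S, threshold=THRESHOLD, port=PROXY_PORT):
    """Return {src_ip: first_alert_time} for sources exceeding `threshold`
    new connections to `port` within `window` seconds.
    Assumes each source's records arrive in time order."""
    recent = defaultdict(deque)  # src -> timestamps still inside the window
    alerts = {}
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        try:
            ts, src, dport = parse(line)
        except ValueError:
            continue             # skip malformed records instead of failing
        if dport != port:
            continue
        q = recent[src]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()          # drop events that slid out of the window
        if len(q) > threshold and src not in alerts:
            alerts[src] = ts
    return alerts

def sample_log():
    """Constructed sample: one client at 50 conn/s and one ordinary FTP user."""
    lines = ["# constructed sample, not captured traffic"]
    lines += [f"{1000 + i * 0.02:.2f} 192.0.2.10 21" for i in range(200)]
    lines += [f"{1000 + i * 10:.2f} 198.51.100.7 21" for i in range(5)]
    lines += ["malformed record with extra fields", "1001.00 192.0.2.10 4105"]
    return lines

if __name__ == "__main__":
    for src, ts in detect_connect_flood(sample_log()).items():
        print(f"connect flood suspected from {src} at t={ts}")
```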