Bugtraq mailing list archives
Re: Checkpoint SYN DoS Vulnerability
From: "Bojan Zdrnja" <bojan.zdrnja () gmail com>
Date: Fri, 19 May 2006 10:08:06 +1200
On 5/17/06, Erick Mechler <emechler () techometer net> wrote:
:: SYNdefender is disabled on the Nokia/Checkpoint firewall. Nokia's response
:: after seeing the results of the scan has been that SYNdefender is still
:: functional even if we disable it and valid authorized scans won't be
:: allowed from the firewall as that is a product limitation!

The most vocal piece of feedback I gave to CheckPoint back when I used their FW-1 products was to provide a Big Red Button(tm) to disable all of the SmartDefense functionality. It was never made very clear to me, as the admin, when those things kicked in, and how they would affect my traffic flow. I haven't used FW-1 in the last 12 months, so this might have been addressed, but I can't say for sure.

It wasn't - that's the problem. As I said in my first post, I've experienced numerous problems with the Smart Defense module, which doesn't care what your rules are set up like. You just can't allow *ALL* traffic to go to the destination. Smart Defense seems to be working on a lower level than the rules (or has higher priority, the end result is the same) so if the SD module finds your traffic inappropriate, it will drop it no matter what's in the rules. That's why I suspected that the SYN Defense module gets activated no matter what's in the rules.

So, a question for Sanjay: can you set up a tcpdump sniffer in front and behind, just to log all packets? Then run your scans and see what happens at both ends. You can post pcap files somewhere so people can look at them as well (just sanitize the IP addresses, if you need to).

Cheers,
Bojan
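
One way to carry out the front/behind comparison suggested above, as an added example that is not part of the original post: it reads two tcpdump captures and lists the initial SYNs seen in front of the firewall that never appeared behind it. The parser handles only classic little-endian pcap files with Ethernet framing and IPv4, assumes no NAT between the two capture points, and every function name and sample address (documentation ranges) is constructed for illustration.

```python
import socket
import struct

def syn_flows(pcap: bytes) -> set:
    """(src, sport, dst, dport) of each initial SYN (SYN set, ACK clear) in a capture."""
    magic, linktype = struct.unpack_from("<I16xI", pcap, 0)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("need classic little-endian pcap with Ethernet link type")
    flows, off = set(), 24  # records start after the 24-byte global header
    while off + 16 <= len(pcap):
        caplen = struct.unpack_from("<I", pcap, off + 8)[0]
        frame = pcap[off + 16 : off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 6:
            continue  # not IPv4 carrying TCP
        tcp = frame[14 + (frame[14] & 0x0F) * 4 :]
        if len(tcp) < 14 or (tcp[13] & 0x12) != 0x02:
            continue  # keep only SYN without ACK
        sport, dport = struct.unpack_from("!HH", tcp, 0)
        flows.add((socket.inet_ntoa(frame[26:30]), sport,
                   socket.inet_ntoa(frame[30:34]), dport))
    return flows

def blocked_syns(front: bytes, behind: bytes) -> list:
    """Initial SYNs captured in front of the firewall that never appeared behind it."""
    return sorted(syn_flows(front) - syn_flows(behind))

def _frame(src, dst, sport, dport, flags=0x02):
    """Constructed Ethernet + IPv4 + TCP frame (checksums left at zero)."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     socket.inet_aton(src), socket.inet_aton(dst))
    tcp = struct.pack("!HHIIBBHHH", sport, dport, 1, 0, 0x50, flags, 1024, 0, 0)
    return b"\x00" * 12 + b"\x08\x00" + ip + tcp

def _pcap(frames):
    """Wrap constructed frames in a classic pcap file image."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    for f in frames:
        out += struct.pack("<IIII", 0, 0, len(f), len(f)) + f
    return out

# Constructed captures: four SYNs arrive in front, only the port 80 one gets through.
SCANNER, TARGET = "192.0.2.10", "198.51.100.20"
FRONT = _pcap([_frame(SCANNER, TARGET, 40000 + p, p) for p in (22, 25, 80, 443)])
BEHIND = _pcap([_frame(SCANNER, TARGET, 40080, 80),
                _frame(TARGET, SCANNER, 80, 40080, flags=0x12)])

if __name__ == "__main__":
    print(blocked_syns(FRONT, BEHIND))
```

For real captures, pass in the bytes of the files written by `tcpdump -w` on each side of the firewall instead of the constructed `FRONT` and `BEHIND`.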