Vulnerability Development mailing list archives
Sonicwall DoS
From: Leon Rosenstein <l_rosenstein () MONTELSHOW COM>
Date: Mon, 28 Aug 2000 10:44:06 -0400
Hey everyone, first time poster, long time lurker. Not sure if this qualifies as a vulnerability or even if it will make the list; however, in the Sonicwall SoHo there is a limitation on the amount of connections that one can open. This sets up a denial of service scenario if one can surpass the limit. A denial of service condition exists if someone opens up more than 2048 connections. When this limit is surpassed the cache will overflow and it will begin to drop internal connections.

A simple way to re-create this is to run a tcp port scan on a host on the wan. When you open up more than 2048 connections it will begin to complain via the log:

08/28/2000 10:18:46.368 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.6, 2119, LAN - Destination:xxx.xx.xx.xxx, WaN

At this point all future connections will have a much less likely chance of getting through as the port scanner saturates all remaining available connections.

Again, I am not sure if I even posted this right or adhered to any posting protocol. Anyone that has any suggestions or comments please feel free to reach me via e-mail.

Thx,
Leon Rosenstein
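A defender watching for the condition described in the post would want to catch the "cache is full" message in the firewall log and attribute it to the internal host that is burning through the connection table. The following is an added example, not code from the post or from Sonicwall: a small Python parser for the log format shown above (the field layout is assumed from that single quoted line), plus a sliding-window check that reports which source addresses triggered the cache-full message repeatedly. The sample log lines are constructed for the example; 192.0.2.10 stands in for the redacted destination.

```python
import re
from datetime import datetime

# Field layout assumed from the one log line quoted in the post:
# "<mm/dd/yyyy hh:mm:ss.mmm> - <message> - Source:<ip>, <port>, <zone> - Destination:<ip>, <zone>"
LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}\.\d{3}) - "
    r"(?P<msg>.+?) - "
    r"Source:(?P<src>[^,]+), (?P<sport>\d+), (?P<szone>\w+) - "
    r"Destination:(?P<dst>[^,]+), (?P<dzone>\w+)$"
)
# The connection-table limit is embedded in the message text itself.
CACHE_FULL_RE = re.compile(r"cache is full; over (?P<limit>\d+) simultaneous connections")


def parse_line(line):
    """Parse one log line into a dict, or return None if it does not match the layout."""
    m = LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["ts"] = datetime.strptime(rec["ts"], "%m/%d/%Y %H:%M:%S.%f")
    rec["sport"] = int(rec["sport"])
    full = CACHE_FULL_RE.search(rec["msg"])
    rec["cache_full"] = full is not None
    rec["limit"] = int(full.group("limit")) if full else None
    return rec


def find_exhaustion(lines, min_events=3, window_seconds=60):
    """Return {source_ip: max cache-full events seen within any window_seconds span}
    for sources that reached min_events. A single stray message is ignored; a
    burst from one host is what a port scan or runaway client looks like."""
    events = [r for r in map(parse_line, lines) if r and r["cache_full"]]
    by_src = {}
    for r in events:
        by_src.setdefault(r["src"], []).append(r["ts"])
    offenders = {}
    for src, stamps in by_src.items():
        stamps.sort()
        best, j = 0, 0
        for i, t in enumerate(stamps):
            # Advance the window start until it lies within window_seconds of t.
            while (t - stamps[j]).total_seconds() > window_seconds:
                j += 1
            best = max(best, i - j + 1)
        if best >= min_events:
            offenders[src] = best
    return offenders


# Constructed sample log (same layout as the quoted line; destination is a
# documentation address, not a real host).
SAMPLE_LOG = [
    "08/28/2000 10:18:46.368 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.6, 2119, LAN - Destination:192.0.2.10, WaN",
    "08/28/2000 10:18:46.902 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.6, 2120, LAN - Destination:192.0.2.10, WaN",
    "08/28/2000 10:18:47.115 - Some unrelated message",
    "08/28/2000 10:18:47.440 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.6, 2121, LAN - Destination:192.0.2.10, WaN",
    "08/28/2000 10:19:01.007 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.9, 4410, LAN - Destination:192.0.2.10, WaN",
    "08/28/2000 10:19:02.250 - The cache is full; over 2048 simultaneous connections; some will be dropped - Source:10.1.1.6, 2122, LAN - Destination:192.0.2.10, WaN",
]

if __name__ == "__main__":
    for src, count in find_exhaustion(SAMPLE_LOG).items():
        print(f"{src}: {count} cache-full events within 60s")
```

Running the block on the constructed sample reports 10.1.1.6 (four cache-full messages within a minute) and ignores 10.1.1.9, which produced only one. In practice the thresholds would be tuned to the site, and the offending internal address is the thing to act on, since the post's point is that one LAN host can exhaust the shared table for everyone behind the firewall.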
Current thread:
- Sonicwall DoS Leon Rosenstein (Aug 28)
- Re: Sonicwall DoS Mikael Olsson (Aug 28)