Firewall-1

Re: [FW-1] Potential DOS against FW-1 logging?

Subject: Re: [FW-1] Potential DOS against FW-1 logging?
From: "Siddhartha Jain(IT)" <SiddharthaJ AT BANKMUSCAT DOT COM>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Wed, 16 Jul 2003 11:22:45 +0400
Funny. I tried faking the source and destination ports to anything over
65000 but hping2 does not seem to craft the right kind of packets. It
accepts any values for source and destination port but in the firewall log
the source port is shown to be a port in the range of 19000.



-----Original Message-----
From: Nico De Ranter [mailto:nico AT SONYCOM DOT COM]
Sent: Wednesday, July 16, 2003 10:45 AM
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1] Potential DOS against FW-1 logging?


Hi guys,

just noticed something weird. My FW-1 logging just started giving
some totally bogus messages and then died. Anybody else seen this kind
of behaviour?  Not sure whether it's a local thing on my server
or something induced by a strange packet on the network.

Date: Oct 28, 1983
17:46:56 drop   210.10.17.0 >    src 255.0.36.0 s_port 79735037 dst
253.63.20.239 service -1023410176 proto icmp rule 0
Date: Mar 24, 2024
11:27:17 drop   76.195.0.45 >    src 1.192.168.253 s_port -46197521 dst
195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst
255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum
-50331641 NAT_addtnl_rulenum -1241513984 rule 16777216 fstring: log string
length 21436 >= 4096, truncated


Addresses are totally bogus, interface is missing, port numbers don't make
sense...

I'm running NG FP3 on Solaris.

Nico

---------------------------------------------------------
 "It has been said that there are only two businesses that
  refer to customers as users: illegal drug trade and
               the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: nico.deranter AT sonycom DOT com

=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================

"This email message is intended for the named recipient only. It may be
privileged and/or confidential. If you are not the intended named recipient
of this email then you should not copy it or use it for any purpose, nor
disclose its contents to any other person which is strictly prohibited and 
unlawful"
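
A sanity check that flags records like the two quoted in the message above, as an added example that is not part of the original thread or of any Check Point tool. It assumes the exported text layout seen in those records (optional interface after ">", then key/value pairs); MAX_RULE, the helper names and the third, healthy record are constructed for illustration.

```python
# Field names come from the sample records in the post; the numeric limits
# are protocol facts (16-bit ports, 8-bit IP protocol number).
PORT_KEYS = ("s_port", "service", "xlatesport", "xlatedport")
RULE_KEYS = ("rule", "NAT_rulenum", "NAT_addtnl_rulenum")
ALL_KEYS = set(PORT_KEYS + RULE_KEYS) | {"src", "dst", "proto", "xlatesrc", "xlatedst"}
MAX_RULE = 100_000  # assumed ceiling for a plausible rule number

def parse_fields(record):
    """Return (interface or None, {key: value}) for the text after '>'."""
    body = record.partition("fstring:")[0]
    tokens = body.partition(">")[2].split()
    iface = tokens.pop(0) if tokens and tokens[0] not in ALL_KEYS else None
    return iface, dict(zip(tokens[0::2], tokens[1::2]))

def to_int(value):
    try:
        return int(value)
    except ValueError:
        return None  # an address or a symbolic name such as 'icmp'

def check_record(record):
    """List the reasons a record looks corrupt; an empty list means plausible."""
    iface, fields = parse_fields(record)
    problems = [] if iface else ["interface missing"]
    for key, value in fields.items():
        num = to_int(value)
        if num is None:
            continue
        if key in PORT_KEYS and not 0 <= num <= 65535:
            problems.append(f"{key} {num} outside 0-65535")
        elif key == "proto" and not 0 <= num <= 255:
            problems.append(f"proto {num} outside 0-255")
        elif key in RULE_KEYS and not 0 <= num <= MAX_RULE:
            problems.append(f"{key} {num} implausible")
    if "truncated" in record.partition("fstring:")[2]:
        problems.append("log string truncated")
    return problems

# The two records quoted in the post (mail line wraps rejoined), followed by
# one constructed healthy record for contrast.
SAMPLES = [
    "17:46:56 drop 210.10.17.0 > src 255.0.36.0 s_port 79735037 dst 253.63.20.239 service -1023410176 proto icmp rule 0",
    "11:27:17 drop 76.195.0.45 > src 1.192.168.253 s_port -46197521 dst 195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst 255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum -50331641 NAT_addtnl_rulenum -1241513984 rule 16777216 fstring: log string length 21436 >= 4096, truncated",
    "11:27:17 accept fw1 >hme0 src 192.0.2.10 s_port 34567 dst 198.51.100.7 service 80 proto tcp rule 4",
]

if __name__ == "__main__":
    print([check_record(r) or "plausible" for r in SAMPLES])
```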

