Re: [RISC Technology Europe]: Re: [FW1] Jolt 2

Wed, 14 Jun 2000 13:16:53 -0700 


I don't thing so.

The better way is to put an access list for all icmp inside your "exterior router",
(I mean the router between your fw and you internet connection).

I also tested this attack and the solution from checkpoint ( fw ctl debug -buf )
work but my cpu still loaded for 5 to 10 % for one attack.

Dan

Frederic NAKHLE wrote:

> I'm ok. But it's maybe possible to block it with realsecure and opsec
> configuration and block the source ip by example.
> Can you give me your opinion.
>
> Thanks
>
> Lance Spitzner writes:
>  > On Wed, 14 Jun 2000, Frederic NAKHLE wrote:
>  >
>  > >      I already test this attack and the result is that nobody can go
>  > > out/in the site.
>  > >      At this moment i thing that the solution is to have a IDS like
>  > > realsecure snort. This ids can block this attack.
>  >
>  > Actually, no IDS can block the attack, the IDS can only detect the
>  > attack.  The attack can the be blocked by an upstream rouer, or
>  > an additional filter such as Darren Reed's IPFilter. For more info,
>  > check out http://www.enteract.com/~lspitz/fwtable.html
>  >
>  > Hope that helps. :)
>  >
>  > lance
>  >
>
> --
> -----------------------------------------------
> Frederic NAKHLE         mailto:[EMAIL PROTECTED]
> RISC Technology Europe  http://www.risc.fr
> Liste FireWall-1 RISC   http://lists.risc.fr
> APRIL                   http://www.april.org
> Debian GNU/Linux        http://www.debian.org
> -----------------------------------------------
> "Resistance is futile. Open your source code and prepare for assimilation."
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to