Could this possibly be just a variation on the well-known
"fill up the FW-1 Connections Table" denial-of-service
vulnerability?
--- Jonah Kowall <[EMAIL PROTECTED]> wrote:
> From: Jonah Kowall <[EMAIL PROTECTED]>
> To: [EMAIL PROTECTED]
> Subject: [FW1] FW: CheckPoint FW1 BUG (fwd)
> Date: Fri, 7 Jul 2000 18:05:24 -0400
>
>
> Date: Fri, 7 Jul 2000 09:15:33 -0700
> Reply-To: Ben Greenbaum <[EMAIL PROTECTED]>
> Sender: Bugtraq List <[EMAIL PROTECTED]>
> From: Ben Greenbaum <[EMAIL PROTECTED]>
> Subject: Re: CheckPoint FW1 BUG (fwd)
> To: [EMAIL PROTECTED]
>
> Forwarded to Bugtraq with permission of the author. Checkpoint has been=20
> notified by Mr. Vasquez.=20
>
> Can anyone else replicate this?
>
> Ben Greenbaum
> Director of Site Content
> Security Focus
> http://www.securityfocus.com
>
>
> ---------- Forwarded message ----------
> Date: Fri, 7 Jul 2000 12:20:17 +0200
> From: hugov <[EMAIL PROTECTED]>
> Subject: RE: CheckPoint FW1 BUG
>
> Dear Sirs,
>
> I think I have found a bug in CheckPoint Firewall-1.
> That=B4s what I have noticed :
>
> If you flood port 264 ( FW1_topo ) from your local network, the Firewall-1
> CPU reaches 100% and nobody can connect with GUI ( neither on the firewall
> itself ).
>
> The test has been done on a local 10 MB Ethernet against a PII 266 256 MB,
> FW1 4.1 SP1 in a NT 4.0 SP4 with the ippacket software and spoofing the
> source IP, and that=B4s the packet sent :
>
> destination IP : Firewall (external interface)
> source IP : non existent IP ( on local net )
> source port : 1000
> destination port : 264
> data : qwertyuiop1010101010
> number of packets : -1 ( continuos mode )
>
> Due to the importance of this port ( 264 ) in Securemote, etc... I think
> It would be interesting to investigate how much this attack could danger
> the system ( memory ) and comunications (smtp, VPN , Securemote...).
>
> I have not tested from the Internet.
>
> Sincerely,
>
>
> --
> Hugo V=E1zquez Caram=E9s
> Departamento T=E9cnico de Sistemas
> Seguridad Corporativa - Grupo ADD
> mailto:[EMAIL PROTECTED]
> Tel. +34.93.580.25.00
> Fax. +34.93.580.28.93
>
>
>
================================================================================
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
================================================================================
__________________________________________________
Do You Yahoo!?
Get Yahoo! Mail � Free email you can access from anywhere!
http://mail.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
