We had our NT FW-1 run out of virtual memory due to Code red attacks.
A muck up on our part rather than NT, I mean who would only put a 127MB
swapfile on FW1...... grrrrr
cheers
Dean
-----Original Message-----
From: Mike Glassman - Admin [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, 14 August 2001 2:07 a.m.
To: 'fw-1 listserv'
Subject: [FW1] RE: Firewall attacked by IIS servers!
We'r seeing hundreds of attempts from code red hit machines to our FW.
All dropped obviously but it does slow things down.
I guess some people havn't caught on to it yet.
Mike
> -----Original Message-----
> From: Russell Aspinwall [SMTP:[EMAIL PROTECTED]]
> Sent: б аевеси 13 2001 14:41
> To: ragu nandan
> Cc: [EMAIL PROTECTED]
> Subject: Re: Firewall attacked by IIS servers!
>
> Hi Ragu,
>
> Start running Apache! Is IIS worth all the hassle?
>
> Regards
>
> Russell
>
> ragu nandan wrote:
>
> > Oh, never had seen a Solaris machine running CP FW 4.1
> > SP 2 brought to its knees literally. Happenned on the
> > weekend. The screen just dumped "fw: halloc: unable to
> > allocate 68 bytes", followed by "fw: fw_xlate_forw:
> > failed to initalize the connection " and
> > "fw: fw_init_xlation: ld_set forward failed". I
> > couldn't stop it, had to reboot. When I did, after it
> > installed the policy it would start again. I had VVM
> > on the FW and Interscan VW on it, so had to eliminate
> > these variables. The solaris machine was an Ultra 60
> > with a Gig of memory, so it could well handle enough
> > connections. But when I ran a command that showed how
> > many connections, saw 15,000!. After spending hrs with
> > ISS, finally realized that I was attacked by code red
> > on the ubiquitous IIS servers in the DMZ. I isolated
> > DMZ, Extranet, still wouldn't stop. Isolated the
> > internal network, and that when the Firewall became
> > normal and connections became double-digit. So still
> > patching or disconnecting all those windoze machines
> > running IIS. Even now the FW is very slow and shows
> > 5000 connections. Wonder anybody else had these
> > experiences before.
> > Any thoughts?
> > Ragu
> >
> > __________________________________________________
> > Do You Yahoo!?
> > Make international calls for as low as $.04/minute with Yahoo! Messenger
> > http://phonecard.yahoo.com/
> > _______________________________________________
> > Firewalls mailing list
> > [EMAIL PROTECTED]
> > http://lists.gnac.net/mailman/listinfo/firewalls
> >
> >
>
> _______________________________________________
> Firewalls mailing list
> [EMAIL PROTECTED]
> http://lists.gnac.net/mailman/listinfo/firewalls
============================================================================
====
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
============================================================================
====
***************************************************
This e-mail is not an official statement of the
Waikato Regional Council unless otherwise stated.
Visit our website http://www.ew.govt.nz
***************************************************
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
