I had a similar event with my firewall stalling ...and not sure if this
may help...
Check your unknown routes(default routes). I had the problem of routes not
known in my routing tables would point to the firewall as a default route.
Although I had a static route on the firewall that covered all my subnets
pointing back inside. So if you allow icmp packets into your net(or could
be a internal attack) someone could do a dos attack on your firewall by
sending a high # of icmp packets to an unknown subnet in your classful
address space and bounce between your firewall and internal router until
the ttl field timed out. Depending on the amount of packets and firewall,
it could cripple your box, It killed mine.
Fix,
Try redistributing a static route into your routing table that covers your
address space(supernet) and pipe it to null.
Jeff-
On Wed, 19 May 1999, Butters, Kevin wrote:
> I have with a F/W that stalls every day at approximately the same time.
> Looking at the logs, two items stand out. One, the inside interface gets hit
> with ICMP traffic. Two, the same interface gets hit with a "non-igmp"
> traffic. The ICMP traffice occurs intermittently throughout the day, but the
> "non-igmp" traffic appears just before the F/W hangs. Is the "non-igmp"
> traffic enough to be causing the F/W to hang?
>
> Kevin
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
>
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
