You may be referring to the IP Fragmentation problem with CP. FW reassembles
all packets before inspecting them. It also logs also this via a kernel logger
(not to be confused with the system log). Corrupt or malformed packets that
cant be reassembled by FW are continuously logged and this logging process can
potentially max CPU to 100%, thereby creating a DoS type attack. FW may also
crash.
CP has not release a fix for it but they are aware of the problem. You can
institute a work around by disabling the kernel logging. Type "fw ctl debug
-buf" from the bin directory. You may want to add this to your fwstart.bat file
so it occurs after each reboot.
Davinder
"Simon O'Mahoney" <[EMAIL PROTECTED]> on 06/15/2000 01:19:58 PM
To: [EMAIL PROTECTED]
cc: (bcc: Davinder Rodey/DKBDS USA/DKB)
Subject: [FW1] Firewall-1 - DOS and Logging
I've heard that there is a newly discovered DOS problem related to logging
on all versions of Firewall-1. Can someone confirm this or point me to
somewhere else I could find further information about this.
Thanks
Simon
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
