According to Simon Churcher:
> I have just seen this article on SMTP CVP Denial of Service attack...
> anyone have any further info, fixes etc.???

I can confirm this DoS for 4.1 SP1+Hotfix (Build 41603) and 4.0 SP6
(Build 4156), both on Solaris. Obviously $FWDIR/log/asmtpd.elg and
$FWDIR/log/asmtpd.log, respectively, are growing like hell, with many
MB each minute during such an attack. Maybe all CPU cycles are eaten up
by in.asmtpd for logging. Don't know if it's possible to disable this.

It may be impossible to load a rulebase from the management system to
the firewall after an attack if $FWDIR/state resides on the same
filesystem as $FWDIR/log. This can be more annoying than some CPU
load on the firewall, unless you link $FWDIR/log/asmtpd.elg to
/dev/null.

Olaf
-- 
Olaf Selke, [EMAIL PROTECTED], voice +49 5241 80-7069
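
A check for the two conditions described in the message above, added here as an example and not part of the original post: it reports whether $FWDIR/log and $FWDIR/state share a filesystem and whether asmtpd.elg or asmtpd.log is growing faster than a threshold. The function names, the sampling interval and the byte limit are assumptions; only $FWDIR and the file names come from the message.

```shell
#!/bin/sh
# Added example (hypothetical helper names), not Check Point tooling.
# Usage: check_fw_logs "$FWDIR" 60 1048576   # alert above 1 MB per 60 s

# Print the mount point that holds a path (last column of POSIX `df -P`).
# Assumes the mount point contains no spaces.
mount_of() {
    df -P "$1" | awk 'NR==2 {print $NF}'
}

# Succeed when both paths live on the same filesystem.
same_filesystem() {
    [ "$(mount_of "$1")" = "$(mount_of "$2")" ]
}

# Print a file's size in bytes, or 0 if it does not exist.
size_of() {
    if [ -f "$1" ]; then wc -c < "$1" | tr -d ' '; else echo 0; fi
}

# Print how many bytes a file grew during an interval given in seconds.
log_growth() {
    start=$(size_of "$1")
    sleep "$2"
    end=$(size_of "$1")
    echo $((end - start))
}

# Return 0 if nothing is wrong, 1 if log and state share a filesystem,
# 2 if an asmtpd log grew by more than <limit> bytes in <interval> seconds.
check_fw_logs() {
    fwdir=$1; interval=$2; limit=$3
    result=0
    if same_filesystem "$fwdir/log" "$fwdir/state"; then
        echo "WARN: $fwdir/log and $fwdir/state share a filesystem"
        result=1
    fi
    for f in asmtpd.elg asmtpd.log; do
        grown=$(log_growth "$fwdir/log/$f" "$interval")
        if [ "$grown" -gt "$limit" ]; then
            echo "ALERT: $f grew $grown bytes in ${interval}s"
            result=2
        fi
    done
    return $result
}
```
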

