We have a SonicWall Pro 100 and a PIX 506, 2 different ISP connections. Nessus / NMAP will kill the SonicWall (it maxes out the embryonic connections) so I have to route the scans out thru the PIX. That's when I have to do something from behind the firewall.
--Chris -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Paul Johnston Sent: Thursday, October 16, 2003 6:11 AM To: Michel Arboi Cc: [EMAIL PROTECTED] Subject: Re: Denial of service against network equipments? Hi, I have accidentally DoSed stateful firewalls with nmap. If you originate the scan behind it, then the firewall needs a state table entry for each port being scanned. When you do a 64k port scan, this tends to exceed what the fw was designed for. Paul Michel Arboi wrote: >I'd like to know if anybody has crashed network equipments (firewall, >routers, load balancers) while running a Nessus scan. I had bad >experiences with stateful devices. I did not scan those devices >directly: they were just on the way between the Nessus daemon and the >target machine(s). > >Although I cannot be 100% sure, I suspect that "stream.nasl" is >responsible. > > > -- Paul Johnston Internet Security Specialist Westpoint Limited Albion Wharf, 19 Albion Street, Manchester, M1 5LN England Tel: +44 (0)161 237 1028 Fax: +44 (0)161 237 1031 email: [EMAIL PROTECTED] web: www.westpoint.ltd.uk
smime.p7s
Description: S/MIME cryptographic signature
