I've also seen a lot of firewall failover... port scans will tax the box enough for the heartbeat to slow down past the minimum threshold, which causes it to switch to the backup. Checkpoint never stopped handling traffic itself, but StoneBeat's heartbeat got too slow...
Quoting Christopher Harrington <[EMAIL PROTECTED]>:

> We have a SonicWall Pro 100 and a PIX 506, 2 different ISP connections.
> Nessus / NMAP will kill the SonicWall (it maxes out the embryonic
> connections) so I have to route the scans out thru the PIX. That's when
> I have to do something from behind the firewall.
>
> --Chris
>
> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]
> On Behalf Of Paul Johnston
> Sent: Thursday, October 16, 2003 6:11 AM
> To: Michel Arboi
> Cc: [EMAIL PROTECTED]
> Subject: Re: Denial of service against network equipments?
>
> Hi,
>
> I have accidentally DoSed stateful firewalls with nmap. If you originate
> the scan behind it, then the firewall needs a state table entry for each
> port being scanned. When you do a 64k port scan, this tends to exceed
> what the fw was designed for.
>
> Paul
>
> Michel Arboi wrote:
>
> > I'd like to know if anybody has crashed network equipment (firewall,
> > routers, load balancers) while running a Nessus scan. I had bad
> > experiences with stateful devices. I did not scan those devices
> > directly: they were just on the way between the Nessus daemon and the
> > target machine(s).
> >
> > Although I cannot be 100% sure, I suspect that "stream.nasl" is
> > responsible.
>
> --
> Paul Johnston
> Internet Security Specialist
> Westpoint Limited
> Albion Wharf, 19 Albion Street,
> Manchester, M1 5LN
> England
> Tel: +44 (0)161 237 1028
> Fax: +44 (0)161 237 1031
> email: [EMAIL PROTECTED]
> web: www.westpoint.ltd.uk

--
http://www.cirt.net/
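The state-table arithmetic behind Paul's and Chris's observations, as an added example that is not code from any poster in this thread: a stateful firewall keeps one entry per outbound probe until its half-open (embryonic) timeout reaps it, so the number of entries in flight during a scan is roughly probe rate times that timeout, independent of how many ports the scanner has left. The model below, with illustrative capacity and timeout figures that are assumptions rather than any vendor's numbers, shows a 64k scan at LAN speed overrunning the table and the same scan surviving once throttled to a rate derived from the table size (`simulate_scan`, `safe_max_rate` and `throttled_nmap_args` are hypothetical names; `--max-rate` is a real nmap option).

```python
"""Model of a stateful firewall's connection table under a SYN port scan.

Added example for the thread above; not code from any of the posters.
Assumptions (not taken from the thread or from any vendor): the firewall
allocates one state entry per outbound probe when it sees the SYN and
discards an unanswered (half-open / "embryonic") entry after
HALFOPEN_TIMEOUT seconds. Capacity and timeout figures are illustrative.
"""
from collections import deque

# Illustrative figures, not SonicWall/PIX/Checkpoint values.
TABLE_CAPACITY = 8192      # state entries the firewall can hold
HALFOPEN_TIMEOUT = 30      # seconds before an unanswered SYN entry is reaped
FULL_PORT_RANGE = 65536    # a "64k" scan, one probe per port


def simulate_scan(num_ports, probes_per_sec, halfopen_timeout, table_capacity):
    """Scan num_ports at a constant rate through a stateful firewall.

    Time is measured in probe slots so the model is exact (no float drift):
    an entry created at probe j is reaped once probe j + timeout_probes is
    due. A probe that arrives while the table is full is dropped, which is
    what the scanner experiences as the firewall "killing" the scan.
    Returns (peak_entries, dropped_probes).
    """
    timeout_probes = int(halfopen_timeout * probes_per_sec)
    live = deque()   # expiry slot of each live entry, oldest first
    peak = dropped = 0
    for slot in range(num_ports):
        while live and live[0] <= slot:    # reap expired half-open entries
            live.popleft()
        if len(live) >= table_capacity:    # table full: this probe is lost
            dropped += 1
            continue
        live.append(slot + timeout_probes)
        peak = max(peak, len(live))
    return peak, dropped


def safe_max_rate(table_capacity, halfopen_timeout, headroom=0.5):
    """Probe rate whose steady-state occupancy (rate x timeout) uses only
    `headroom` of the table, leaving the rest for production traffic."""
    return headroom * table_capacity / halfopen_timeout


def throttled_nmap_args(target, table_capacity, halfopen_timeout):
    """argv for a full-range SYN scan capped with nmap's --max-rate option
    at the rate computed above (hypothetical helper, real nmap flags)."""
    rate = int(safe_max_rate(table_capacity, halfopen_timeout))
    return ["nmap", "-sS", "-p-", "--max-rate", str(rate), target]


if __name__ == "__main__":
    # Unthrottled: a LAN-speed scan of ~1000 probes/s would keep 30 000
    # entries in flight at once, far beyond the table, so most probes drop.
    peak, dropped = simulate_scan(FULL_PORT_RANGE, 1000, HALFOPEN_TIMEOUT, TABLE_CAPACITY)
    print(f"unthrottled: peak={peak} dropped={dropped}")
    # Throttled to the safe rate: occupancy stays within half the table.
    rate = int(safe_max_rate(TABLE_CAPACITY, HALFOPEN_TIMEOUT))
    peak, dropped = simulate_scan(FULL_PORT_RANGE, rate, HALFOPEN_TIMEOUT, TABLE_CAPACITY)
    print(f"throttled to {rate}/s: peak={peak} dropped={dropped}")
    print(" ".join(throttled_nmap_args("192.0.2.10", TABLE_CAPACITY, HALFOPEN_TIMEOUT)))
```

The quantity that matters is the firewall's half-open timeout, not the scanner's, so a 64k scan is no worse than a 1k scan once the table has filled; what decides whether it fills is the probe rate. Dividing the table size by that timeout gives a ceiling for `--max-rate` (or a value for `--scan-delay`) that keeps the table from overflowing, and the dropped-probe count is also why an unthrottled scan through such a device reports ports as filtered at random. This model covers the state-table case only; the heartbeat-starvation failover described in the first message above is a CPU-load effect that it does not attempt to represent.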
