[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW-1] Potential DOS against FW-1 logging?
Hi guys, just noticed something weird. My FW-1 logging just started giving some totaly bogus messages and then died. Anybody else seen this kind of behaviour? Not sure whether it's a local thing on my server or something induced by a strange packet on the network. Date: Oct 28, 1983 17:46:56 drop 210.10.17.0 > src 255.0.36.0 s_port 79735037 dst 253.63.20.239 serviceproto icmp rule 0 Date: Mar 24, 2024 11:27:17 drop 76.195.0.45 > src 1.192.168.253 s_port -46197521 dst 195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst 255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum -50331641 NAT_addtnl_rulenumrule 16777216 fstring: log string length 21436 >= 4096, truncated Addresses are totaly bogus, interface is missing, port numbers don't make sense... I'm running NG FP3 on Solaris. Nico --------------------------------------------------------- "It has been said that there are only two businesses that refer to customers as users: illegal drug trade and the computer industry." --------------------------------------------------------- Nico De Ranter Senior System Administrator Sony Service Center (NSCE/VPE-B) Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne) 1130 Brussel (Bruxelles), Belgium, Europe, Earth Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86 e-mail: [email protected] ================================================= To set vacation, Out-Of-Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|