| |
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[FW-1] Potential DOS against FW-1 logging?
Hi guys,
just noticed something weird. My FW-1 logging just started giving
some totaly bogus messages and then died. Anybody else seen this kind
of behaviour? Not sure whether it's a local thing on my server
or something induced by a strange packet on the network.
Date: Oct 28, 1983
17:46:56 drop 210.10.17.0 > src 255.0.36.0 s_port 79735037 dst 253.63.20.239 serviceproto icmp rule 0
Date: Mar 24, 2024
11:27:17 drop 76.195.0.45 > src 1.192.168.253 s_port -46197521 dst 195.0.0.0 service 4260866 proto 16777215 xlatesrc 255.255.255.255 xlatedst 255.63.20.239 xlatesport udp-high-ports xlatedport 29403389 NAT_rulenum -50331641 NAT_addtnl_rulenumrule 16777216 fstring: log string length 21436 >= 4096, truncated
Addresses are totaly bogus, interface is missing, port numbers don't make sense...
I'm running NG FP3 on Solaris.
Nico
---------------------------------------------------------
"It has been said that there are only two businesses that
refer to customers as users: illegal drug trade and
the computer industry."
---------------------------------------------------------
Nico De Ranter
Senior System Administrator
Sony Service Center (NSCE/VPE-B)
Sint Stevens Woluwestraat 55 (Rue de Woluwe-Saint-Etienne)
1130 Brussel (Bruxelles), Belgium, Europe, Earth
Telephone: +32 2 724 86 41 Telefax: +32 2 726 26 86
e-mail: [email protected]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
|
|
