Subject: Possible Watchguard Firebox II DoS
From: Raptor (raptor 0XDEADBEEF.EU.ORG)
Date: Thu Nov 16 2000 - 09:44:31 CST
Hi,
I've recently played with the Watchguard Firebox II firewall and
discovered a nasty behaviour. Launching a simple connect() flooder
against the ftp proxy of the firewall (I haven't tested other services)
the port hangs and so do all other services (also the watchguard remote
administration daemon, on port 4105/tcp): the firewall load becomes about
100% and it needs to be rebooted.
Filtering and dynamic rules update seem to continue working after the
attack.
I've verified the DoS both on LAN and on the Internet, but it's
important to say FTP proxy from the untrusted interface is NOT enabled by
default.
Here is the program I've used (a simple lame proggie from packet storm),
use it in this way to reproduce the bug:
./hammer2k <ip_of_the_firewall> -ftp -A
Wait about 30 secs and stop the DoS: the firewall services should have
been disabled.
Cheers,
:raptor
Antifork Research
Mediaservice.net srl
http://raptor.antifork.org http://www.mediaservice.net
- TEXT/PLAIN attachment: hammer2k.c
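
For defenders, one way to spot the connect() flood described in the message above from connection logs. This is an added example, not part of the original post and not WatchGuard code; the log format, the function names, the addresses and the threshold of 100 connections are assumptions, while the watched ports (21 and 4105) and the 30-second window follow the message.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed log format (an assumption, not Firebox output):
#   <ISO timestamp> ACCEPT tcp <src_ip>:<src_port> -> <dst_ip>:<dst_port>
LINE_RE = re.compile(
    r"^(\S+) ACCEPT tcp (\d+\.\d+\.\d+\.\d+):\d+ -> (\d+\.\d+\.\d+\.\d+):(\d+)$"
)

def find_connect_floods(lines, watched_ports=(21, 4105), window_s=30, threshold=100):
    """Return {(src, dst, port): peak connection count seen in any window_s window}
    for every source that reaches `threshold` connections inside the window."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)   # key -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue              # skip lines that are not connection records
        ts = datetime.fromisoformat(m.group(1))
        key = (m.group(2), m.group(3), int(m.group(4)))
        if key[2] not in watched_ports:
            continue
        q = recent[key]
        q.append(ts)
        while ts - q[0] > window:   # drop entries older than the window
            q.popleft()
        if len(q) >= threshold:
            flagged[key] = max(flagged.get(key, 0), len(q))
    return flagged

def sample_log():
    """Constructed sample: one source opening 10 connections/second to the FTP proxy,
    plus a normal client making a single connection every 20 seconds."""
    start = datetime(2000, 11, 16, 9, 44, 0)
    lines = []
    for i in range(300):          # 30 seconds of flood traffic
        ts = start + timedelta(milliseconds=100 * i)
        lines.append(f"{ts.isoformat()} ACCEPT tcp 192.0.2.66:{1024 + i} -> 10.0.0.1:21")
    for i in range(3):
        ts = start + timedelta(seconds=20 * i)
        lines.append(f"{ts.isoformat()} ACCEPT tcp 192.0.2.10:{2000 + i} -> 10.0.0.1:21")
    lines.sort()
    return lines

if __name__ == "__main__":
    for (src, dst, port), peak in find_connect_floods(sample_log()).items():
        print(f"possible connect() flood: {src} -> {dst}:{port}, peak {peak} in 30s")
```

The threshold should be tuned against normal FTP proxy traffic for the site before alerting on it.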