RE: SonicWall Firewall DoS, ARP Flood, Network Mapping
From: Robert C. Auch (RAuch totalnetsolutions.net)
Date: Wed Mar 03 2004 - 16:16:37 CST
A few clarifications, according to CSSA Support (Level 2 support):
1) You need to have Ethernet connectivity to the WAN interface to
exploit this. T1 and many cable implementations will stop this.
2) The "default" or "normal" mode that most SonicWall devices are
installed in is "NAT Mode" - SonicWall reported to me that the ARP
requests are not sent backwards across a device in NAT mode, only
standard mode (NAT not enabled).
3) ARP traffic is very small - to create a DoS on the network, you'd
need to generate thousands of ARPs per second.
SonicWall firmware version 6.6 (no ETA from support) will fix these
issues.
My thought:
If you've got an attacker that close to your network, does he really
need to use your SonicWall for mapping?
Robert Auch
First initial last name at totalnetsolutions.net
0 ASCII Ribbon campaign - against HTML Email
^ - against auto-execute attachments