Message-Id: <200612182001.33173.misch@multinet.de>
Date: Mon, 18 Dec 2006 20:01:29 +0100
From: Michael Schwartzkopff <misch@...tinet.de>
To: bugtraq@...urityfocus.com
Subject: Re: Checkpoint NG3 ICMP Flood

On Monday, 18 December 2006 12:14, bdmoraes@....com.br wrote:
> Dear All,
>
> I have one Checkpoint NG3 in my company and verifying in Tracking I have
> thousands of events with ICMP type 8 and type 17.
>
> The events have their origin in my internal networks, with one problem .. the
> Source IP is my PAT address for internal hosts to internet.
>
> Is this a bug in Checkpoint? Has anyone already seen this event?
>
> I will go verify with sniffers and other tools, but this IP (Only for PAT)
> is not routable in my internal networks...
>
> Thanks for attention.
> Poison

hi,

perhaps related to:
http://www.incidents.org/diary.php?storyid=1949&isc=ae18b977be6828a8c9bf904d72cc5630

Sniffer: depends on what platform you use:
- Solaris: snoop
- everything else: tcpdump

Reading out the MAC addresses of these packets should give a clue in the 
direction where to search further.

-- 
Dr. Michael Schwartzkopff
MultiNET Services GmbH
Bretonischer Ring 7
85630 Grasbrunn

Tel: (+49 89) 456 911 - 0
Fax: (+49 89) 456 911 - 21
mob: (+49 174) 343 28 75

PGP Fingerprint: F919 3919 FF12 ED5A 2801 DEA6 AA77 57A4 EDD8 979B
Skype: misch42

Content of type "application/pgp-signature" skipped
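
An added example, not part of the original message: one way to follow the MAC-address suggestion above is to tally source MACs in `tcpdump -e -n` text output for ICMP type 8 and type 17 packets that carry the PAT address as source IP. The function names, the PAT address 203.0.113.10 and all MAC addresses are assumptions made up for illustration.

```shell
#!/bin/sh
# Constructed sample lines in `tcpdump -e -n` format (not a real capture).
# 203.0.113.10 stands in for the PAT address; the MACs are invented.
sample_capture() {
cat <<'EOF'
12:14:01.000101 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 203.0.113.10 > 198.51.100.7: ICMP echo request, id 4660, seq 1, length 64
12:14:01.000350 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 203.0.113.10 > 198.51.100.8: ICMP echo request, id 4660, seq 2, length 64
12:14:01.000912 02:00:00:00:00:0a > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 60: 203.0.113.10 > 198.51.100.9: ICMP address mask request, length 12
12:14:02.104455 02:00:00:00:00:0b > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 192.0.2.25 > 198.51.100.7: ICMP echo request, id 7, seq 1, length 64
12:14:02.220018 02:00:00:00:00:0c > 02:00:00:00:00:01, ethertype IPv4 (0x0800), length 98: 203.0.113.10 > 198.51.100.7: ICMP echo request, id 9, seq 1, length 64
12:14:02.230771 02:00:00:00:00:01 > 02:00:00:00:00:0a, ethertype IPv4 (0x0800), length 98: 198.51.100.7 > 203.0.113.10: ICMP echo reply, id 4660, seq 1, length 64
EOF
}

# A live capture producing this format would be (IFACE and PAT_IP are
# placeholders to fill in):
#   tcpdump -e -n -i IFACE 'src host PAT_IP and
#     (icmp[icmptype] == icmp-echo or icmp[icmptype] == icmp-maskreq)'

# Read tcpdump -e -n text on stdin and print "count source-MAC" for packets
# whose source IP equals $1, busiest MAC first.
tally_src_macs() {
    pat_ip=$1
    awk -v pat="$pat_ip" '
        # tcpdump prints type 8 as "echo request" and type 17 as
        # "address mask request"; skip everything else.
        !/ICMP (echo|address mask) request/ { next }
        {
            # The source IP is the field just before the second ">".
            # Searching for it tolerates extra link-layer fields (VLAN tags).
            src = ""
            for (i = 5; i < NF; i++)
                if ($(i + 1) == ">") { src = $i; break }
            if (src == pat) count[$2]++
        }
        END { for (mac in count) print count[mac], mac }
    ' | sort -k1,1nr -k2,2
}

# Stand-alone run on the constructed sample.
sample_capture | tally_src_macs 203.0.113.10
```

Each MAC in the result is the last layer-2 hop that put such a packet on the sniffed segment, so a router's MAC points to the next segment to capture on rather than to the originating host.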
