[<prev] [next>] [<thread-prev] [day] [month] [year] [list]
Date: Mon, 18 Dec 2006 21:04:00 +0100 (CET)
From: Hugo van der Kooij <hvdkooij@...derkooij.org>
To: Bugtraq mailinglist <bugtraq@...urityfocus.com>
Subject: Re: Checkpoint NG3 ICMP Flood
On Mon, 18 Dec 2006, bdmoraes@....com.br wrote:
> I have one checkpoint NG3 in my company and verifying in Tracking i have tousands of events with ICMP type 8 and type 17.
>
> The events has origin in my internal networks, with one problem .. the Source IP is my PAT address for internal hosts to internet.
>
> Is there any bug of Checkpoint? Anyone already seen this event?
>
> I will go verify with sniffers and other tools, but this IP (Only for PAT) is no routeable in my internal networks...
I strongly doubt you found a bug in the software. Your report is missing
crucial information.
- Exact Check Point version (fw ver)?
(Did you apply the minimal required HFA on NG FP3?)
- How did you configure this PAT exactly?
At this point this report is in fact pointless and more of FUD message.
Hugo.
--
hvdkooij@...derkooij.org http://hvdkooij.xs4all.nl/
This message is using 100% recycled electrons.
Powered by blists - more mailing lists