Home page logo

bugtraq logo Bugtraq mailing list archives

Re: Simple DOS attack on FW-1
From: jason.rhoads () SABERNET NET (Jason R. Rhoads)
Date: Fri, 30 Jul 1999 18:48:00 -0700

I have written a small perl script, fwconwatch.pl to monitor the status
of the FW-1 connection table.  When the table reaches a predefined
limit, the script sends an alert and emails a listing of the top
connection source addresses.  The script also monitors CPU utilization
as I have found this to be another good indicator of abnormal activity.

Once the script has been configured and tested, it can be added to the
/etc/init.d/firewall1 script:

  # FW-1 Start
  if [ -f /etc/fw/bin/fwstart ]; then
    export FWDIR
  # FW-1 END

fwconwatch can be found here: http://www.sabernet.net/software/

Lance Spitzner's fwtable.pl script is used to list the top connection
sources which can be found here:


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]