Home page logo
/

bugtraq logo Bugtraq mailing list archives

Re: Checkpoint NG3 ICMP Flood
From: Hugo van der Kooij <hvdkooij () vanderkooij org>
Date: Mon, 18 Dec 2006 21:04:00 +0100 (CET)

On Mon, 18 Dec 2006, bdmoraes () bol com br wrote:

I have one checkpoint NG3 in my company and verifying in Tracking i have tousands of events with ICMP type 8 and type 
17.

The events has origin in my internal networks, with one problem .. the Source IP is my PAT address for internal hosts 
to internet.

Is there any bug of Checkpoint? Anyone already seen this event?

I will go verify with sniffers and other tools, but this IP (Only for PAT) is no routeable in my internal networks...

I strongly doubt you found a bug in the software. Your report is missing crucial information.
 - Exact Check Point version (fw ver)?
        (Did you apply the minimal required HFA on NG FP3?)
 - How did you configure this PAT exactly?

At this point this report is in fact pointless and more of FUD message.

Hugo.

--
        hvdkooij () vanderkooij org     http://hvdkooij.xs4all.nl/
            This message is using 100% recycled electrons.


  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]