[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] Beware BLOCK INTRUDER

To: 'cbrenton' <cbrenton@sover.net>
Subject: RE: [FW1] Beware BLOCK INTRUDER
From: "Toujague, Orlando" <Orlando_Toujague@tds.com>
Date: Tue, 6 Apr 1999 17:58:16 -0700
Cc: "'fw-1-mailinglist@lists.us.checkpoint.com'" <fw-1-mailinglist@lists.us.checkpoint.com>

    [ The following text is in the "iso-8859-1" character set. ]
    [ Your display is set for the "US-ASCII" character set.  ]
    [ Some characters may be displayed incorrectly. ]

Thanks Chris. I appreciate your input and look forward to that data in your
notes. Your FW friend.

-----Original Message-----
From: cbrenton [mailto:cbrenton@sover.net]
Sent: Tuesday, April 06, 1999 7:55 PM
To: Toujague, Orlando
Cc: 'fw-1-mailinglist@lists.us.checkpoint.com'
Subject: Re: [FW1] Beware BLOCK INTRUDER

On Tue, 6 Apr 1999, Toujague, Orlando wrote:

> In FW1 under active logs, there is an option called BLOCK INTRUDER which
> will allow you to cut off an active connection coming into your network.
> Sounds nifty - DON'T USE IT. I tried it in the lab and then I could not
turn
> it off. Also, it appeared to have cut-off more than the client connection,
> even the FW could not get out.

This is the same hook used by RealSecure to make dynamic changes to the
firewall policy. It is a pretty cool tool if you need to nuke an active
session from the log viewer and do not want to take the time to create an
actual policy rule. There is a select option from the dialog box which
allows you to kill the traffic for only a specific period of time.

> I called CheckPoint on this and they said - DON'T USE IT. It's a known bug
> and they haven't been able to resolve it.

Humm. I have not used this feature "a lot" but I have it hooked in with
one RS install. I've also used it a few times on two other installs. As I
said, no worries if you set the timer.

> So how do I turn it off? They said, you must reboot.

There is an fw xxxx switch that kills this. You can not "un-nuke" a single
connection but rather must clear the entire table. You can clear the
problem without disturbing firewall operation however.

I do not have my notes with me at the moment but I can look up the
switch value if you need it.

Cheers,
Chris
-- 
**************************************
cbrenton@sover.net

* Multiprotocol Network Design & Troubleshooting
http://www.amazon.com/exec/obidos/ASIN/0782120822/geekspeaknet
* Mastering Network Security
http://www.amazon.com/exec/obidos/ASIN/0782123430/geekspeaknet

================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: Re: [FW1] Beware BLOCK INTRUDER
Next by Date: RE: [FW1] Beware BLOCK INTRUDER
Prev by thread: Re: [FW1] Beware BLOCK INTRUDER
Next by thread: RE: [FW1] Beware BLOCK INTRUDER
Index(es):
- Date
- Thread