Advanced
Mailing List Archive

Mailing List Archive

  1. Home >
  2. Cisco>
  3. NSP
[nsp] PIX
odusseus at voila
Sep 9, 2002, 6:53 AM
Post #1 of 3 (1318 views)
Permalink
Hi,

From the firewall's log (Cisco Pix 515), I got 22,000 messages from the same source IP address to the same IP destination
saying that: "invalid transport number, in which [...] destination port number for a protocol is zero."


Is it possible that someone sending a large amount of traffic to the firewall make this firewall unusable due to a cpu rate to
high ?

Is it possible to pass through the firewall which is not able to filter any traffic due to its cpu high rate ?

Thank you.

Regards

Christophe


------------------------------------------

Faites un voeu et puis Voila ! www.voila.fr
Re: [nsp] PIX [ In reply to ]
chrismcc at pricegrabber
Sep 9, 2002, 7:38 AM
Post #2 of 3 (1278 views)
Permalink
Hello...


odusseus wrote:
> Hi,
>
>>From the firewall's log (Cisco Pix 515), I got 22,000 messages from the same source IP address to the same IP destination
> saying that: "invalid transport number, in which [...] destination port number for a protocol is zero."

My money is on this being a probe. IIRC firewalk,
http://www.packetfactory.net/Projects/Firewalk, uses port 0 by default.


>
>
> Is it possible that someone sending a large amount of traffic to the firewall make this firewall unusable due to a cpu rate to
> high ?
>
> Is it possible to pass through the firewall which is not able to filter any traffic due to its cpu high rate ?
>
> Thank you.
>
> Regards
>
> Christophe
>
>
> ------------------------------------------
>
> Faites un voeu et puis Voila ! www.voila.fr
>
> _______________________________________________
> cisco-nsp mailing list real_name)s@puck.nether.net
> http://puck.nether.net/mailman/listinfo/cisco-nsp
> archive at http://puck.nether.net/pipermail/cisco-nsp/



--
Christopher McCrory
"The guy that keeps the servers running"

chrismcc@pricegrabber.com
http://www.pricegrabber.com

Let's face it, there's no Hollow Earth, no robots, and
no 'mute rays.' And even if there were, waxed paper is
no defense. I tried it. Only tinfoil works.
Re: [nsp] PIX [ In reply to ]
niels=cisco-nsp at bakker
Sep 9, 2002, 10:13 AM
Post #3 of 3 (1279 views)
Permalink
* chrismcc@pricegrabber.com (Christopher McCrory) [Mon 09 Sep 2002, 16:47 CEST]:
> odusseus wrote:
>> From the firewall's log (Cisco Pix 515), I got 22,000 messages from the
>> same source IP address to the same IP destination saying that: "invalid
>> transport number, in which [...] destination port number for a protocol
>> is zero."
> My money is on this being a probe. IIRC firewalk,
> http://www.packetfactory.net/Projects/Firewalk, uses port 0 by default.

That'd be <URL:http://www.packetfactory.net/firewalk/>.

More likely it's hping2 <URL:http://www.hping.org/>, though (I know for
certain that it defaults to port 0 :).


-- Niels.

--

©2024 GT.net. A Gossamer Threads company.
5th Floor, 455 Granville St., Vancouver, BC V6C 1T1, Canada | Legal