When using the "heavy" scanning mode on a network protected by Checkpoint's (or sunsoft's OEM of it) FireWall-1 on a low-end system (IPX w/32mb ram) the FW runs out of memory. This does not yield any security problems, however logging may stop/miss a few. Then the log should be cleared to reduce the memory used by the fw process. This is not a security problem, just a measure of the incredible force SATAN uses when on 'heavy' mode. Rod ______________________________ Reply Separator _________________________________ Subject: Re: Technical Observations on SATAN: Issue: VMS and TCP/IP Author: tfs@vampire.science.gmu.edu at Internet Date: 4/7/95 3:07 AM Erik Lindquist wrote: |For some reason when I test SATAN against VMS systems running either UCX or |Wollongong TCP/IP stacks the systems crash. |This seems to be true for the heavy test only. Other potentially |coincidental events include: | 1. First test on a given node; when system reboots and a test | is again performed a successful test seems to be made. | 2. The first test uses the FQDN and the second test uses the | IP address. |I have no idea where to look? The crash logs do not reveal anything helpful. |A message coming from SATAN says: | bin/udp_scan: are we talking to a dead host or network? I do some admin stuff at GMU, and while one of the other admin's here was running it against our subnet we encountered a crash. We've got a Paragon, and on the heavy scan it crashed during the test. We havn't isolated why yet, but suspect that it was becasue it was being hammered quite fast. This was after the "light & med" tests hasd passed. That machine is fairly tight, so it wasn't a matter of there being alot of ports open or anything... Anyway it didn't happen again, and we really ~obviously~ arn't looking to replicate it, particlularly on this machine, but I'd be interested to hear of any similar stuff from other folks. -tfs