BlackNurse Testing Causes issues on Egress Firewall

cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Announcements

BlackNurse Testing Causes issues on Egress Firewall

L4 Transporter

FYI It doesn't appear to require an attack to be an IP address bound to the PA.

 

It also appears that testing a remote firewall while egressing through a PA firewall causes your local firewall to experience DOS effects. It is not just inbound to an IP address of a PA's interface or NAT to that interface.

 

I did an hping3 of type 3 to a remote PA-3020 to test my flood protection in a Zone Protection configuration. In doing so, many of our cloud services became unresponsive through our HQ PA-5060 firewall the testing client was behind.

3 REPLIES 3

Cyber Elite
Cyber Elite

It sounds like you hit the CPS limits of your device, which in affect would be almost the same as a DOS.  

Sitting at 900 peak out of 120,000 on a regular basis so I don't think that was it. I'll test again specifically watching CPS in show session info as well as CPU utilization. As I recall, our Egress PA did not have any noticible fluctuations in CPU utilization during the hping3 test.

Interesting; keep us posted. Unless I'm completely remembering things wrong the PA wasn't supposed to be affected by this unless you hit the CPS limit due to someone trying to launch the attach. 

  • 2566 Views
  • 3 replies
  • 0 Likes
Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!

The LIVEcommunity thanks you for your participation!