BlackNurse Testing Causes issues on Egress Firewall

Reply
Highlighted
L4 Transporter

BlackNurse Testing Causes issues on Egress Firewall

FYI It doesn't appear to require an attack to be an IP address bound to the PA.

 

It also appears that testing a remote firewall while egressing through a PA firewall causes your local firewall to experience DOS effects. It is not just inbound to an IP address of a PA's interface or NAT to that interface.

 

I did an hping3 of type 3 to a remote PA-3020 to test my flood protection in a Zone Protection configuration. In doing so, many of our cloud services became unresponsive through our HQ PA-5060 firewall the testing client was behind.

Tags (1)
Highlighted
Cyber Elite

Re: BlackNurse Testing Causes issues on Egress Firewall

It sounds like you hit the CPS limits of your device, which in affect would be almost the same as a DOS.  

Highlighted
L4 Transporter

Re: BlackNurse Testing Causes issues on Egress Firewall

Sitting at 900 peak out of 120,000 on a regular basis so I don't think that was it. I'll test again specifically watching CPS in show session info as well as CPU utilization. As I recall, our Egress PA did not have any noticible fluctuations in CPU utilization during the hping3 test.

Highlighted
Cyber Elite

Re: BlackNurse Testing Causes issues on Egress Firewall

Interesting; keep us posted. Unless I'm completely remembering things wrong the PA wasn't supposed to be affected by this unless you hit the CPS limit due to someone trying to launch the attach. 

Like what you see?

Show your appreciation!

Click Like if a post is helpful to you or if you just want to show your support.

Click Accept as Solution to acknowledge that the answer to your question has been provided.

The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!

These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the Live Community as a whole!

The Live Community thanks you for your participation!