Popular firewall vulnerable to DoS attacks

A security researcher has discovered a flaw in a popular firewall that he says makes the tool vulnerable to denial-of-service attacks. The FireWall-1 product, developed by Checkpoint Software Technologies, can apparently be disabled by bombarding the tool with incomplete fragments of data packets.

Lance Spitzner, a member of the Global Enterprise Security Team at Sun Microsystems, said he discovered the flaw on May 27 while attempting to understand how FireWall-1 handles IP fragmentation.

Spitzner notified Checkpoint, which has developed a short-term solution and is working on a long-term fix for the problem.

Spitzner's research findings can be found at http://www.enteract.com/~lspitz/fwtable.html.

Greg Smith, director of product marketing at Checkpoint, said the company has developed a workaround solution for the firewall, which protects a network from denial-of-service attacks. The workaround is available at the company's Web site.

He said a permanent fix for the problem will be included in the next service pack for FireWall-1, due for release later this month.
