Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
Firewalls from multiple vendors empty state tables more slowly than they are filled, which allows remote attackers to flood state tables with packet flooding attacks such as (1) TCP SYN flood, (2) UDP flood, or (3) Crikey CRC Flood, which causes the firewall to refuse any new connections.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
多家厂商防火墙包淹没导致状态表填满漏洞
Vulnerability Description
多种防火墙产品使用状态表判断是否获得的包属于两个主机间已经存在的会话中,当防火墙遇到包匹配规则库但不匹配单前定义的状态时,状态表中会增加一条新的会话条目。防火墙根据不同原因会从状态表中移去相关条目,这些原因包括会话time-out值过期,检测到TCP FIN或者TCP、RST包等。 如果新的状态条目增加速度超过防火墙删除条目的速度,远程攻击者就可以利用这个问题填满所有状态表缓冲区,导致产生拒绝服务攻击。 攻击者可以发送短小的,大量匹配规则库的包给防火墙,这样新的条目增加就可能超过防火墙删除的速度,状态表就
CVSS Information
N/A
Vulnerability Type
N/A