Check Point Firewall-1 Fragmented Packets DoS Vulnerability

Check Point Firewall-1 Fragmented Packets DoS Vulnerability

By sending illegally fragmented packets directly to or routed through Check Point FireWall-1, it is possible to force the firewall to use 100% of available processor time logging these packets. The FireWall-1 rulebase cannot prevent this attack and it is not logged in the firewall logs.