TCP/UDP "crashing" when Nessus-Scan is running
Hello from Munich,
Has anybody an idea of what could cause the following behaviour:
When doing a Nessus scan from VLAN A to VLAN B, after some time (whether existing or non-existent IP addresses are scanned, regardless of the throttling applied) the whole TCP/UDP communication in ALL VLANs (also those not affected by the scan) goes down. BUT: as soon as the scan is stopped it all comes back and is fine again, AND the whole time, even when TCP/UDP is "down" as described, pinging (ICMP) is OK.
Has anybody an idea of what that could be? It must be the WatchGuard, as only it has all routes to all networks.
Many thanks and kind regards,
Markus
Comments
For the record, what firewall model do you have and what Fireware version is it running?
Anything helpful in Traffic Monitor when the scan starts up?
It's a clustered M590 with v12.12.B733447
No, all you can see are the packets allowed or denied. No system errors or similar ...
What puzzles me is that it looks as if there's a buffer running full or so. But instead of dropping all packets from the causing IP (the "attacker"), the WG keeps on trying to deliver it all whilst failing with it and dragging everything with it into the abyss.