Threat Level: green Handler on Duty: Johannes Ullrich

SANS ISC: Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Checkpoint UTM-1 edge VPN boxes worldwide did an unscheduled reboot

We have received reports that Checkpoint UTM-1 devices performed an unscheduled reboot. The initial reports we got indicate that the device rebooted at 10pm EDT on Oct. 30th, which happens to be midnight GMT.

There are several posts on Checkpoint support forums verifying this issue [1][2].

Checkpoint confirmed this problem [3] . According to Checkpoint, the reboot happened because of a timer that will roll over every 13.6 years.

This may be a 32 bit timer counting 1/10 seconds. 429 million seconds works out to just about 13.6 years.


[1] http://www.cpug.org/forums/check-point-utm-1-edge-appliances/14606-all-edge-firewalls-rebooted-10-30-2010-8-58-p-m.html
[2] http://jackofallit.wordpress.com/2010/10/30/checkpointsofaware-flashforward/
[3] http://isc.sans.edu/tag.html?tag=Checkpoint%20UTM1%20unscheduled%20reboot

 

-- Manuel Humberto Santander Peláez | http://twitter.com/manuelsantander | http://manuel.santander.name | msantand at isc dot sans dot org

Manuel Humberto Santander Pelaacuteez

185 Posts
ISC Handler
Not to nitpick, but 10pm EDT = 2am GMT.
Anonymous
there used to be a link to checkpoint's forums, but it's been since replaced with a url that links to this article on sans...
Anonymous
there used to be a link to checkpoint's forums, but it's been since replaced with a url that links to this article on sans...
Anonymous

Sign Up for Free or Log In to start participating in the conversation!