Users from a "specific remote site" attempting to access our web server are denied access. After checking the intrusion log on the firewall I can see that the TCP Port Scan detection has denied access to these individuals, as it should for attempting to open many TCP ports. Looking into the cause I can see via "TCP NetMonitor" that webserver connections to and or from this particular site result in opening numerous TCP connections simultaneously, about 20 initially. In comparison to connections made to other webservers, 20 is to way more than the usual two or sometimes three. In addition I noticed that the TCP/TimeWait state does not drop off right away, usually taking about two to four minutes versus seconds with any other site. I "temporarily" increased the amount of TCP connections to "any one node" to twenty connections to our webserver. However I am still yielding the same results. I am inclined to believe that the problem is specific to this particular site since no others has this problem. Q: Has anyone seen or heard of this and what is the fix ? Randal Cruz Network Technician - [To unsubscribe, send mail to [EMAIL PROTECTED] with "unsubscribe firewalls" in the body of the message.]
