Are you using SYN-Defender? If so, test without to
see if it helps.

Banners greater than 1500 bytes will end up violating
fw1's requirement that the packet end in '0a', thus
terminating.

From CP site:

The patch consists of a new $FWDIR/lib/base.def file
that includes a fix to the problem (the file is compatible
with Firewall-1 4.0 SP-5, other platforms will be released
as soon as possible). The fix involves an enforcement on
the existence of the newline character at the end of
each packet on the FTP control connection, this will close
off the described vulnerability. It should be noted that this
may cause connectivity problems (i.e., blocked FTP
connections) in the following scenarios:

- If FTP control messages larger than the MTU
  (e.g., large PWD) are exchanged.
- If some FTP clients/servers do not put a newline at the end of the line.
- When passing FWZ encrypted traffic through an intermediate
  Firewall gateway.

The enforcement can be easily disabled
by commenting out the following line in the base.def file (or by
restoring the original base.def file):

#define FTP_ENFORCE_NL

see http://www.checkpoint.com/techsupport/alerts/pasvftp.html
for more info (the URL may be wrapped).

Robert

>Hello,
>
>> If PASV is on in policy properties, turn it off.
>> This works the opposite of what it reads.
>
>       It hasn't helped. I definitely get more traffic, but nothing
>besides client high numbered and server ftp control.
>
>       Thanks for trying anyway! ;)
>
>       Regards,
>-- p.

- -
Robert P. MacDonald, Network Engineer
e-Business Infrastructure
G o r d o n   F o o d    S e r v i c e
Voice: +1.616.261.7987 email: [EMAIL PROTECTED]

-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
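Added example (not code from the thread, from Check Point, or from base.def): a small Python model of the FTP_ENFORCE_NL rule quoted above, run over constructed FTP control-channel data. It assumes a hypothetical TCP payload of 1460 bytes per segment for a 1500-byte MTU and a simple sender that slices the byte stream at that size; the banners and the bare PWD are sample data, not captured traffic. It shows why the rule passes an ordinary banner, drops a banner larger than the MTU (the first segment is cut mid-line and does not end in 0x0a), and drops a client that omits the trailing newline, which are the connectivity caveats the advisory lists.

```python
from dataclasses import dataclass

# Hypothetical TCP payload per segment for a 1500-byte MTU:
# 1500 - 20 (IPv4 header) - 20 (TCP header, no options). Assumption, not from the advisory.
MSS = 1460


@dataclass
class Verdict:
    index: int
    length: int
    passes: bool
    reason: str


def segment_by_mss(stream: bytes, mss: int = MSS) -> list:
    """Model of how a sender slices an FTP control byte stream into TCP
    segments (constructed: real stacks may coalesce or split differently)."""
    return [stream[i:i + mss] for i in range(0, len(stream), mss)]


def ftp_enforce_nl(segment: bytes) -> bool:
    """The FTP_ENFORCE_NL rule as the advisory describes it: every packet on
    the FTP control connection must end in a newline (0x0a)."""
    return len(segment) > 0 and segment[-1:] == b"\n"


def inspect_control_stream(stream: bytes, mss: int = MSS) -> list:
    """Apply the rule to each segment of the stream and explain the outcome."""
    verdicts = []
    for i, seg in enumerate(segment_by_mss(stream, mss)):
        ok = ftp_enforce_nl(seg)
        if ok:
            reason = "ends in 0x0a"
        elif len(seg) == mss:
            reason = "filled the MSS and was cut mid-line (message larger than MTU)"
        else:
            reason = "peer sent a line without a trailing newline"
        verdicts.append(Verdict(i, len(seg), ok, reason))
    return verdicts


def would_be_blocked(stream: bytes, mss: int = MSS) -> bool:
    """True if an enforcing gateway would drop at least one segment of the stream."""
    return any(not v.passes for v in inspect_control_stream(stream, mss))


# Constructed sample data (not captured traffic).
SMALL_BANNER = b"220-Welcome to the constructed example FTP server.\r\n220 Ready.\r\n"


def build_large_banner(lines: int = 60) -> bytes:
    """Construct a multi-line 220 banner well over one MTU (sample data)."""
    body = b"".join(
        b"220-Line %03d of a long legal-notice banner, padded to make it wide.\r\n" % i
        for i in range(lines)
    )
    return body + b"220 Ready.\r\n"


if __name__ == "__main__":
    samples = [
        ("small banner", SMALL_BANNER),
        ("large banner", build_large_banner()),
        ("bare PWD", b"PWD"),
    ]
    for name, stream in samples:
        for v in inspect_control_stream(stream):
            state = "PASS" if v.passes else "DROP"
            print(f"{name}: segment {v.index} ({v.length} bytes) {state}: {v.reason}")
```

Running it prints one line per segment; the large banner's first two 1460-byte segments are marked DROP while its final, newline-terminated tail passes, which is exactly the pattern to look for in gateway logs when a site reports broken FTP logins after applying the patch.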
