Set up a netcat listener and see what you catch.... ;-)
B.
> Bob Wallis wrote:
>
> Weird one for you all... FW-1 on Solaris, 1 Internet connection, 3
> DMZs (Web, WAN, and DNS... mostly just because we can...)
>
> We're seeing 1800 or so drops per day on port 1996 travelling from one
> DMZ interface addresses destined for another interface address. It's
> pretty consistent traffic - every half-minute or so. The drop shows
> the packet hitting Rule 0 and the reason is "local interface address
> spoofing".
>
> Port 1996 is a Cisco SRB port, but we have no Cisco gear in the DMZs
> in question. Furthermore, I disconnected everything from the source
> DMZ and **STILL SHE WALKS...**
>
> Check Point says it's got to be the Solaris box, because "nothing
> Check Point does occurs on 1996". Can't imagine what the heck it is.
>
> Ugh. Has ANYBODY out there seen this before?
>
> Many Thanks...
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
