Re: [FW1] Why does i have many pakets of this type

Thu, 15 Feb 2001 11:50:48 -0800 


If you are using Firewall-1 4.1 I would assume that maybe these might
pre-established connections that may be timing out? Take a look in the
"Info" field and tell me what do you see there?



-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [EMAIL PROTECTED]

SiegeWorks
Company WebSite: http://www.siegeworks.com/
Security Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Hermann Strassner <[EMAIL PROTECTED]>
To: Fw-1 Mailinglist <[EMAIL PROTECTED]>
Sent: Thursday, February 15, 2001 12:24 AM
Subject: [FW1] Why does i have many pakets of this type


>
> Hello all!
>
> I have a lot of these pakets with high ports and i do not understand why.
May someone explain it to me?
>
> Action  Service Source                           Destination   Proto  Rule
S_Port
> "drop"  "1684"  "ns2.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
> "drop"  "10933" "marktplatz02.ebay.is-kunden.de" "NS1"         "tcp"  "29"
"http"
> "drop"  "57896" "mbr-s05.websys.aol.com"         "NS1"         "tcp"  "29"
"84"
> "drop"  "4718"  "www03.chip.icpro.de"            "NS1"         "tcp"  "29"
"http"
> "drop"  "3416"  "tp160178.adsl.tisnet.net.tw"    "Mailserver"  "tcp"  "29"
"smtp"
> "drop"  "1684"  "ns1.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
> "drop"  "10933" "marktplatz02.ebay.is-kunden.de" "NS1"         "tcp"  "29"
"http"
> "drop"  "57896" "mbr-s05.websys.aol.com"         "NS1"         "tcp"  "29"
"84"
> "drop"  "4718"  "www03.chip.icpro.de"            "NS1"         "tcp"  "29"
"http"
> "drop"  "3416"  "tp160178.adsl.tisnet.net.tw"    "Mailserver"  "tcp"  "29"
"smtp"
> "drop"  "1684"  "ns2.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
>
> I have "Accept Established TCP Connections" (Policy / Properties /
AccessList)" on first.
> SMTP connections and Nameserver traffic are OK, i haven´t noticed anything
else. It looks like there is only a small count of the connections dropped.
>
> These errors are also in times where our Internet connection is not used
up, and also with connections that do not go to the Internet, only to the
DMZ.
> Are there any other possible reasons?
>
> Hermann
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to