What version are you using? And what service pack? At this point I am not
sure. Also, are you using anti-spoofing? or maybe syndefender?
-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [EMAIL PROTECTED]
SiegeWorks
Company WebSite: http://www.siegeworks.com/
Security Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Hermann Strassner <[EMAIL PROTECTED]>
To: Fw-1 Mailinglist <[EMAIL PROTECTED]>
Sent: Thursday, February 15, 2001 1:50 PM
Subject: RE: [FW1] Why does i have many pakets of this type
>
> Hello Larry,
>
> i think you are right. But why does i have so many of these packets? What
could be the reason for this?
>
> The info filed says only: "len xx".
>
> best regards
> Hermann
>
> > -----Original Message-----
> > From: Larry Pingree [mailto:[EMAIL PROTECTED]]
> > Sent: Thursday, February 15, 2001 8:53 PM
> > To: Hermann Strassner; Fw-1 Mailinglist
> > Subject: Re: [FW1] Why does i have many pakets of this type
> >
> >
> > If you are using Firewall-1 4.1 I would assume that maybe these might
> > pre-established connections that may be timing out? Take a look in the
> > "Info" field and tell me what do you see there?
> >
> >
> >
> > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > Larry Pingree
> > Sr. Security Consultant
> > Email: [EMAIL PROTECTED]
> >
> > SiegeWorks
> > Company WebSite: http://www.siegeworks.com/
> > Security Installation, Training and Consulting
> > -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> > ----- Original Message -----
> > From: Hermann Strassner <[EMAIL PROTECTED]>
> > To: Fw-1 Mailinglist <[EMAIL PROTECTED]>
> > Sent: Thursday, February 15, 2001 12:24 AM
> > Subject: [FW1] Why does i have many pakets of this type
> >
> >
> > >
> > > Hello all!
> > >
> > > I have a lot of these pakets with high ports and i do not
> > understand why.
> > May someone explain it to me?
> > >
> > > Action Service Source Destination
> > Proto Rule
> > S_Port
> > > "drop" "1684" "ns2.UUNet" "Mailserver"
> > "udp" "29"
> > "nameserver"
> > > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1"
> > "tcp" "29"
> > "http"
> > > "drop" "57896" "mbr-s05.websys.aol.com" "NS1"
> > "tcp" "29"
> > "84"
> > > "drop" "4718" "www03.chip.icpro.de" "NS1"
> > "tcp" "29"
> > "http"
> > > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver"
> > "tcp" "29"
> > "smtp"
> > > "drop" "1684" "ns1.UUNet" "Mailserver"
> > "udp" "29"
> > "nameserver"
> > > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1"
> > "tcp" "29"
> > "http"
> > > "drop" "57896" "mbr-s05.websys.aol.com" "NS1"
> > "tcp" "29"
> > "84"
> > > "drop" "4718" "www03.chip.icpro.de" "NS1"
> > "tcp" "29"
> > "http"
> > > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver"
> > "tcp" "29"
> > "smtp"
> > > "drop" "1684" "ns2.UUNet" "Mailserver"
> > "udp" "29"
> > "nameserver"
> > >
> > > I have "Accept Established TCP Connections" (Policy / Properties /
> > AccessList)" on first.
> > > SMTP connections and Nameserver traffic are OK, i haven´t
> > noticed anything
> > else. It looks like there is only a small count of the
> > connections dropped.
> > >
> > > These errors are also in times where our Internet connection is not
used
> > up, and also with connections that do not go to the Internet, only to
the
> > DMZ.
> > > Are there any other possible reasons?
> > >
> > > Hermann
>
>
>
>
============================================================================
====
> To unsubscribe from this mailing list, please see the instructions at
> http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
