This at least is a reasonable explanation. I would think it would have to do with the lack of keep-alives. If a person visits a web site that has lots of files that need downloaded (graphics for instance) during a normal session, and keep-alives are not enabled (maybe to save resources), you could run into a situation where numerous FIN packets are sent as the connections for each file download are torn down. Making the SonicWALL set false positives. If this is the case I'm a little disappointed in the XPRS2 I have. It's supposed to be stateful. Which means it should keep track of packet sequence numbers, and be able to tell when a FIN packet does or does not match an ongoing connection. I could see this happening if I had hundreds (or thousands) of users hammering away at it. If packets were dropped in this situation, or it got confused every now and again fine. But we have a fairly small number of users.
Jim Grossl Boise, Idaho USA -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] Sent: Tuesday, March 19, 2002 8:19 AM To: [EMAIL PROTECTED] Subject: RE: [SonicWALL]- FIN scan false positives I get them from the BBC site, AOL and a few others. don't know why for sure. but it may have to do with keepalives on the web server. I heard that somewhere. it may not be correct. -----Original Message----- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Jim Grossl Sent: Tue, March 19, 2002 10:01 AM To: '[EMAIL PROTECTED]' Subject: RE: [SonicWALL]- FIN scan false positives --- [This E-mail scanned for viruses by Declude/F-Prot Virus] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
