Hi John, There is also an ability to flush all current simultaneous connections to your SonicWALL in the diag.html page by performing the following steps: 1. Log into your SonicWALL. 2. Add /diag.html to the end of the URL in the browser's address bar. 3. Click Advanced Prefs. 4. Click Flush Connections.
Darrell Shandrow - Shandrow Communications! Technology consultant/instructor, network/systems administrator! A+, CCNA, Network+! Check out high quality telecommunications services at http://ld.net/?nu7i All the best to coalition forces carrying out Operation Iraqi Freedom! ----- Original Message ----- From: "John Tolmachoff (Lists)" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Monday, August 11, 2003 6:46 PM Subject: RE: [SonicWALL]- Cache Full > By shutting down the workstation, the connections should time out unless you > had it set to never time out. > > You could also restart the firewall. That would kill any connections. > > John Tolmachoff MCSE CSSA > Engineer/Consultant > eServices For You > www.eservicesforyou.com > > > > -----Original Message----- > > From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On > > Behalf Of David McRell > > Sent: Monday, August 11, 2003 6:20 PM > > To: SonicWall List > > Subject: Re: [SonicWALL]- Cache Full > > > > Oh, believe me, I did shut it down. Before I could, though, the > workstation > > logged itself out due to something about RPC - I'll need to check the > event > > log. > > > > My syslog file, starting at about noon (12:05), shows the 'cache full' > > message just prior to dozens and dozens of entries from the XP machine to > > foreign port 135s. > > > > Can I monitor (netstat) the established connections on my XPRS2? I know > > about the diag.html pages. > > > > > > > > John Tolmachoff MCSE CSSA said: > > > > > Shut that workstation off the network now. > > > > > > I most likely has some kind of Trojan or backdoor on it. > > > > > > >> Has anyone seen this, yet? > > >> > > >> 'The cache is full; 3072 open connections; some will be dropped' > > >> > > >> > > >> I guess I'm wondering about new exploits. A PC running XP Pro was > generating > > >> lots of outgoing connections to port 135 when this happened. The > destination > > >> addresses all resided within 93.130.0.0/16. > > > > -- > > DM > > > > --- > > [This E-mail scanned for viruses by Declude/F-Prot AV] > > > > =============================================================== > > ==================================== > > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email > put > > the following: unsubscribe sonicwall your_name > > The archive of this list is at > http://www.mail-archive.com/sonicwall%40peake.com/ > > > > > --- > [This E-mail scanned for viruses by Declude/F-Prot AV] > > To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name > The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/ > --- [This E-mail scanned for viruses by Declude/F-Prot AV] =================================================================================================== To unsubscribe, send email to [EMAIL PROTECTED] In the body of the email put the following: unsubscribe sonicwall your_name The archive of this list is at http://www.mail-archive.com/sonicwall%40peake.com/
