Re: [FW1] fwipsec_check_replay error



Becki,
   The new IPSEC drafts, which are used with ISAKMP in FireWall-1 4.0, include a
   replay attack protection mechanism. Each packet has a serial number, which the
   receiver expects to see only once. If the receiver sees a replayed packet, a log
   is sent and the packet is dropped. In some Ethernet environments under load,
   packets occasionally get replicated, and thus the replay log is generated.

HTH,
CryptoTech

"Kain, Becki (B.)" wrote:

> Hello All:
>
> The box is a solaris 2.6 running 4.0 build 4031.  My fwhmem is set to 32 meg
> and there is 2 gig of physical memory on the box.
>
> these are the three different errors that I'm getting (as separated by the
> snips):
>
> Nov 19 03:41:22 bob unix: fwipsec_check_replay: packet is a replay 1 11 1fff
> f0
> Nov 19 05:41:19 bob unix: fwipsec_check_replay: packet is a replay 1 5 1f0
> Nov 19 05:41:23 bob unix: fwipsec_check_replay: packet is a replay 1 16 3fff
> ff0
> Nov 19 05:44:00 bob unix: fwipsec_check_replay: packet is a replay 1 3b ffff
> ffff7ffffff
> Nov 19 06:18:57 bob unix: FW-1: Warning: modify for a new entry:
> Nov 19 06:18:57 bob unix:
> Nov 19 06:18:57 bob unix: <c6166902
> Nov 19 06:18:57 bob unix: ,800b
> Nov 19 06:18:57 bob unix: ,13050c14
> Nov 19 06:18:57 bob unix: ,0
> Nov 19 06:18:57 bob unix: ,11
> Nov 19 06:18:57 bob unix: ;0
> Nov 19 06:18:57 bob unix: ,4000
> Nov 19 06:18:57 bob unix: ,0
> Nov 19 06:18:57 bob unix: >  <0 : =0 14>
> [snip]
> Nov 19 18:05:08 bob unix: fwipsec_check_replay: packet is a replay 1 28 ffff
> ffffff
> Nov 19 18:44:59 bob unix: ld_timeout: d=8170 lp=SPI_table tuple=
> Nov 19 18:44:59 bob unix: <7f000001
> Nov 19 18:44:59 bob unix: ,a1b1a78d
> Nov 19 18:44:59 bob unix: @128848990> @(0)
> [snip]
> Nov 20 08:13:57 bob unix: FW-1: fw_kmalloc: out of debug descriptors (8192)
> Nov 20 08:13:57 bob unix:       next 255 messages will be suppressed
>
> I've looked in phoneboy and the checkpoint site and all I've really seen is
> that I don't have enough fwhmem, yet the fw ctl pstat shows that I do.
>
> Any ideas?
>
> thanks
>
> becki kain
>
> ================================================================================
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
> ================================================================================
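
The mechanism described in the reply above, as an added example that is not part of the original thread and is not FireWall-1 code: the sliding-window anti-replay check in the form the IPsec specifications describe. The 32-packet window, the struct and function names, and the sample sequence are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>

#define REPLAY_WINDOW 32u  /* assumed window size, not taken from FireWall-1 */

struct replay_state {
    uint32_t last_seq;  /* highest sequence number accepted so far */
    uint32_t bitmap;    /* bit i set => sequence (last_seq - i) already seen */
};

/* Returns 1 to accept the packet, 0 to drop it as a replay. A real receiver
 * runs this only after the packet has passed its integrity check. */
int replay_check_and_update(struct replay_state *st, uint32_t seq)
{
    if (seq == 0)
        return 0;                        /* sender numbering starts at 1 */
    if (seq > st->last_seq) {            /* newest so far: slide the window */
        uint32_t shift = seq - st->last_seq;
        st->bitmap = (shift < REPLAY_WINDOW) ? ((st->bitmap << shift) | 1u) : 1u;
        st->last_seq = seq;
        return 1;
    }
    uint32_t offset = st->last_seq - seq;
    if (offset >= REPLAY_WINDOW)
        return 0;                        /* older than the window tracks */
    if (st->bitmap & (1u << offset))
        return 0;                        /* serial number already seen */
    st->bitmap |= 1u << offset;          /* late, but first time seen */
    return 1;
}

/* Feeds a list of serial numbers to a fresh state; returns the drop count. */
int count_drops(const uint32_t *seqs, size_t n)
{
    struct replay_state st = {0, 0};
    int drops = 0;
    for (size_t i = 0; i < n; i++)
        if (!replay_check_and_update(&st, seqs[i])) {
            printf("replay dropped: seq=%u\n", (unsigned)seqs[i]);
            drops++;
        }
    return drops;
}

int main(void)
{
    /* Constructed input: the second 3 stands in for a frame duplicated by the network. */
    const uint32_t seqs[] = {1, 2, 3, 3, 5, 4, 2, 40, 8, 40, 41};
    printf("dropped %d\n", count_drops(seqs, sizeof seqs / sizeof seqs[0]));
    return 0;
}
```

The receiver cannot tell a frame duplicated by the network from a deliberate replay, so both take the same drop path; an out-of-order packet that is still inside the window (the 4 arriving after 5) is accepted.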



   All contents © 2004 Network Presence, LLC. All rights reserved.