
[FW1] Date: Fri, 24 Nov 2000 09:08:27 -0700



We have a lot of "message SYNDefender warning SYN->SYN-ACK->RST" in the FW log.
The SRC is an internal machine and the DST is the internal IP of the FW. The
src port is the ahttpd. This internal machine uses HTTP to access the internet
with an HTTP resource and a CVP server. The log entries are like:

Inter.=daemon    Action=reject    Src=internal-box    Dst=FW-internal-IP
Rule=0  info.= the sync warning as above.

When we turn off the Passive SYN Gateway, the error changed to:

Inter.= -->internal-interface    Action=drop   Src=internal-box
Dst=FW-internal-IP   Rule=stealth rule  info.= len40

The FAQ on the TLA site indicates this is related to the passive SYN defender,
but there is no workaround suggested. (See
http://www.tla.ch/TLA/FW/FW1FAQ.html#log%20file)

My questions are:

1. Why is our internal box aware of the existence of the FW?
2. The HTTP secure server in.ahttpd is listening on a high port and anyone can
connect if there is no stealth rule. Why is this needed? We are not running
the secure server as a proxy.
3. Is there a solution/workaround for the SYNDefender message? I am sure our
internal box will not DoS the FW.

Ken

