Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Chatter on Port 1996

To: Bob Wallis <[email protected]>
Subject: Re: [FW1] Chatter on Port 1996
From: Beckster <[email protected]>
Date: Fri, 22 Dec 2000 10:23:09 -0600
Cc: [email protected]
References: <00d701c06c1c$81705280$22013c0a@bw2kpro>
Sender: [email protected]

Set up a netcat listener and see what you catch.... ;-)

B.


> Bob Wallis wrote:
> 
> Weird one for you all... FW-1 on Solaris, 1 Internet connection, 3
> DMZs (Web, WAN, and DNS... mostly just because we can...)
> 
> We're seeing 1800 or so drops per day on port 1996 travelling from one
> DMZ interface addresses destined for another interface address.  It's
> pretty consistent traffic - every half-minute or so.  The drop shows
> the packet hitting Rule 0 and the reason is "local interface address
> spoofing".
> 
> Port 1996 is a Cisco SRB port, but we have no Cisco gear in the DMZs
> in question.  Furthermore, I disconnected everything from the source
> DMZ and **STILL SHE WALKS...**
> 
> Check Point says it's got to be the Solaris box, because "nothing
> Check Point does occurs on 1996".  Can't imagine what the heck it is.
> 
> Ugh.  Has ANYBODY out there seen this before?
> 
> Many Thanks...


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

References:
- [FW1] Chatter on Port 1996
  - From: "Bob Wallis" <[email protected]>

Prev by Date: [FW1] Weird http/web browsing not working
Next by Date: [FW1] rule check *ignore*
Previous by thread: [FW1] Chatter on Port 1996
Next by thread: RE: [FW1] Chatter on Port 1996
Index(es):
- Date
- Thread