Re: [FW1] Chatter on Port 1996
Set up a netcat listener and see what you catch.... ;-)

B.

> Bob Wallis wrote:
>
> Weird one for you all... FW-1 on Solaris, 1 Internet connection, 3
> DMZs (Web, WAN, and DNS... mostly just because we can...)
>
> We're seeing 1800 or so drops per day on port 1996 travelling from one
> DMZ interface addresses destined for another interface address. It's
> pretty consistent traffic - every half-minute or so. The drop shows
> the packet hitting Rule 0 and the reason is "local interface address
> spoofing".
>
> Port 1996 is a Cisco SRB port, but we have no Cisco gear in the DMZs
> in question. Furthermore, I disconnected everything from the source
> DMZ and **STILL SHE WALKS...**
>
> Check Point says it's got to be the Solaris box, because "nothing
> Check Point does occurs on 1996". Can't imagine what the heck it is.
>
> Ugh. Has ANYBODY out there seen this before?
>
> Many Thanks...