NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [FW1] ssh connections lost



it's not just ssh, also telnet, oracle, etc.

cheers
corne

> I have a situation where ssh connections from inside the fw dies some
> arbitrary time after they were started.
> 
> Doing a sniff on the network (both sides of the fw) reveals 
> the following:
> packets happily flow from the client to the server. At some 
> stage the client
> sends another packet, at which point the server doesn't 
> respond. This is the
> stage where the ssh connection is now dead. The client now 
> sends a bunch of
> retransmits, thinking that the session is still up.
> 
> After the session drops, I see dropped packets in the fw log, 
> with the error
> "unknown established tcp packet". This would indicate that 
> the fw no longer
> has an entry in its state table for that connection.
> 
> But why would the connection disappear from the table? From a 
> network sniff,
> there is no indication that a reset or fin is sent, or 
> anything like that.
> It seems as if the fw is arbitrarily removing that connection.
> 
> Any ideas?
> 
> Regards
> Corne van Dyk
> Dimension Data: Network security engineer
> Tel: +27 21 659 2540
> Fax: +27 21 659 2101
> Helpdesk: +27 21 659 2112
> 
> 
> 
> ==============================================================
> ==================
>      To unsubscribe from this mailing list, please see the 
> instructions at
>                http://www.checkpoint.com/services/mailing.html
> ==============================================================
> ==================


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.