[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Why does i have many pakets of this type
If you are using Firewall-1 4.1 I would assume that maybe these might pre-established connections that may be timing out? Take a look in the "Info" field and tell me what do you see there? -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- Larry Pingree Sr. Security Consultant Email: [email protected] SiegeWorks Company WebSite: http://www.siegeworks.com/ Security Installation, Training and Consulting -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=- ----- Original Message ----- From: Hermann Strassner <[email protected]> To: Fw-1 Mailinglist <[email protected]> Sent: Thursday, February 15, 2001 12:24 AM Subject: [FW1] Why does i have many pakets of this type > > Hello all! > > I have a lot of these pakets with high ports and i do not understand why. May someone explain it to me? > > Action Service Source Destination Proto Rule S_Port > "drop" "1684" "ns2.UUNet" "Mailserver" "udp" "29" "nameserver" > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1" "tcp" "29" "http" > "drop" "57896" "mbr-s05.websys.aol.com" "NS1" "tcp" "29" "84" > "drop" "4718" "www03.chip.icpro.de" "NS1" "tcp" "29" "http" > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver" "tcp" "29" "smtp" > "drop" "1684" "ns1.UUNet" "Mailserver" "udp" "29" "nameserver" > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1" "tcp" "29" "http" > "drop" "57896" "mbr-s05.websys.aol.com" "NS1" "tcp" "29" "84" > "drop" "4718" "www03.chip.icpro.de" "NS1" "tcp" "29" "http" > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver" "tcp" "29" "smtp" > "drop" "1684" "ns2.UUNet" "Mailserver" "udp" "29" "nameserver" > > I have "Accept Established TCP Connections" (Policy / Properties / AccessList)" on first. > SMTP connections and Nameserver traffic are OK, i haven´t noticed anything else. It looks like there is only a small count of the connections dropped. > > These errors are also in times where our Internet connection is not used up, and also with connections that do not go to the Internet, only to the DMZ. > Are there any other possible reasons? > > Hermann > > > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== > ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|