Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Why does i have many pakets of this type

To: "Hermann Strassner" <[email protected]>, "Fw-1 Mailinglist" <[email protected]>
Subject: Re: [FW1] Why does i have many pakets of this type
From: "Larry Pingree" <[email protected]>
Date: Thu, 15 Feb 2001 11:53:18 -0800
Organization: SiegeWorks
References: <[email protected]>
Sender: [email protected]

If you are using Firewall-1 4.1 I would assume that maybe these might
pre-established connections that may be timing out? Take a look in the
"Info" field and tell me what do you see there?



-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
Larry Pingree
Sr. Security Consultant
Email: [email protected]

SiegeWorks
Company WebSite: http://www.siegeworks.com/
Security Installation, Training and Consulting
-=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
----- Original Message -----
From: Hermann Strassner <[email protected]>
To: Fw-1 Mailinglist <[email protected]>
Sent: Thursday, February 15, 2001 12:24 AM
Subject: [FW1] Why does i have many pakets of this type


>
> Hello all!
>
> I have a lot of these pakets with high ports and i do not understand why.
May someone explain it to me?
>
> Action  Service Source                           Destination   Proto  Rule
S_Port
> "drop"  "1684"  "ns2.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
> "drop"  "10933" "marktplatz02.ebay.is-kunden.de" "NS1"         "tcp"  "29"
"http"
> "drop"  "57896" "mbr-s05.websys.aol.com"         "NS1"         "tcp"  "29"
"84"
> "drop"  "4718"  "www03.chip.icpro.de"            "NS1"         "tcp"  "29"
"http"
> "drop"  "3416"  "tp160178.adsl.tisnet.net.tw"    "Mailserver"  "tcp"  "29"
"smtp"
> "drop"  "1684"  "ns1.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
> "drop"  "10933" "marktplatz02.ebay.is-kunden.de" "NS1"         "tcp"  "29"
"http"
> "drop"  "57896" "mbr-s05.websys.aol.com"         "NS1"         "tcp"  "29"
"84"
> "drop"  "4718"  "www03.chip.icpro.de"            "NS1"         "tcp"  "29"
"http"
> "drop"  "3416"  "tp160178.adsl.tisnet.net.tw"    "Mailserver"  "tcp"  "29"
"smtp"
> "drop"  "1684"  "ns2.UUNet"                      "Mailserver"  "udp"  "29"
"nameserver"
>
> I have "Accept Established TCP Connections" (Policy / Properties /
AccessList)" on first.
> SMTP connections and Nameserver traffic are OK, i haven´t noticed anything
else. It looks like there is only a small count of the connections dropped.
>
> These errors are also in times where our Internet connection is not used
up, and also with connections that do not go to the Internet, only to the
DMZ.
> Are there any other possible reasons?
>
> Hermann
>
>
>
>
============================================================================
====
>      To unsubscribe from this mailing list, please see the instructions at
>                http://www.checkpoint.com/services/mailing.html
>
============================================================================
====
>



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Follow-Ups:
- RE: [FW1] Why does i have many pakets of this type
  - From: "Hermann Strassner" <[email protected]>

References:
- [FW1] Why does i have many pakets of this type
  - From: "Hermann Strassner" <[email protected]>

Prev by Date: Re: [FW1] SecuRemote connects to which fw interface (again)?
Next by Date: Re: [FW1] Authentication question
Previous by thread: [FW1] Why does i have many pakets of this type
Next by thread: RE: [FW1] Why does i have many pakets of this type
Index(es):
- Date
- Thread