NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] strange alert



I am seeing strange alert message from my firewall
log. The destination IP was not the internal IP
address, but somehow firewall had an log entry for it.
Detail of the entry as below:


:
:
Type: alert
Action: accept
Services: tcp-high-ports 
Sources: 13.10.226.1
Destination: 194.13.10.250
Protocol: TCP
Rule: 2883584
Source Port: tcp-high-ports
:
:
xlate_src: 0.16.13.10
xlate_dst: 226.1.194.172
xlate_sports: 270209280
xlate_dports: 11335936
Info: VPN-1 & Firewall-1 module lenNote the large number of rule (I don't have that many
number of rules!), len, source port, destination ports
number. There was also no such NAT rule on the
firewall to translate into the two addresses. 

Could this be a possible attack? 

The version of FW1 is 4.1 patch with SP2, running on
Solaris 2.6.

Please help. Thanks. 





__________________________________________________
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail. 
http://personal.mail.yahoo.com/


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.