[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] [FW1] Scan for web-servers
Someone performed a scan of our network, on port 80, the other day. The logs funny, could someone please enlighten me a little? First I logged a lot of drops by my last "deny all" rule, for a group of IP addresses. Then followed drops by rule 0 ("unknown established TCP packet"), for the same IP addresses, same source port. Why both rules? Is there anything in FW-1 that would cause these packets to be logged twice, or were there simply two packets sent to each IP? Cheers, Anders RM :) ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|