NETWORK PRESENCE ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT
 


Search
display results
words begin  exact words  any words part 

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW1] Scan for web-servers




Someone performed a scan of our network, on port 80,
the other day. 
The logs funny, could someone please enlighten me a little?

First I logged a lot of drops by my last "deny all" rule, for
a group of IP addresses.
Then followed drops by rule 0 ("unknown established TCP packet"),
for the same IP addresses, same source port.

Why both rules?

Is there anything in FW-1 that would cause these packets to be logged twice,
or were there simply two packets sent to each IP?

Cheers,
Anders RM :)


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 
----------------------------------

ABOUT SERVICES PRODUCTS TRAINING CONTACT US SEARCH SUPPORT SITE MAP LEGAL
   All contents © 2004 Network Presence, LLC. All rights reserved.