
[FW1] SYNDefender messages



Hi,

Env: FW1 with SYN Gateway enabled, timeout 10 secs.

In my FW-1 log the following 'reject' messages appear from time to time:

1) SYNDefender warning: SYN->SYN/ACK->Timeout
2) SYNDefender warning: SYN->SYN/ACK->RST

Both have been seen with the client outside the firewall and the server
inside. Nr 2 has also been seen with a client inside the firewall and the
server outside.

After having done some investigation I have come to the conclusions

- that number 1 is logged when no ACK message from the client has been seen
at the firewall after 10 seconds. The reject message is timestamped 10 secs
later than the matching 'accept', which is in accordance with my timeout
value.

- that number 2 is logged when the client sends a RST message to the server.
The reject message is also timestamped 10 secs later than the matching
'accept' in this case. The clients are not likely to wait 10 secs and they
don't know my timeout value.

Are my conclusions correct?
Why is number 2 always timestamped 10 secs after the 'accept'?

TIA

Best regards
Jan Straegaard
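
One way to check the timing observation in the message above across a whole log, as an added example that is not part of the original post: it pairs each SYNDefender reject with the preceding accept for the same flow and reports the delay. The log line layout, addresses and function names are constructed for illustration and are not the real FW-1 log export format.

```python
import re
from datetime import datetime

SYN_TIMEOUT = 10  # seconds; the SYNDefender timeout stated in the post

# Constructed sample lines in a simplified layout (assumption, not FW-1 output).
SAMPLE_LOG = """\
12:00:01 accept src=198.51.100.7 dst=192.0.2.10 service=80
12:00:11 reject src=198.51.100.7 dst=192.0.2.10 service=80 SYNDefender warning: SYN->SYN/ACK->Timeout
12:03:20 accept src=198.51.100.9 dst=192.0.2.10 service=25
12:03:30 reject src=198.51.100.9 dst=192.0.2.10 service=25 SYNDefender warning: SYN->SYN/ACK->RST
12:05:00 accept src=192.0.2.44 dst=203.0.113.5 service=443
12:07:15 reject src=192.0.2.99 dst=203.0.113.5 service=21 SYNDefender warning: SYN->SYN/ACK->RST
"""

LINE = re.compile(r"(?P<ts>\d\d:\d\d:\d\d) (?P<action>accept|reject) "
                  r"src=(?P<src>\S+) dst=(?P<dst>\S+) service=(?P<svc>\S+)"
                  r"(?: SYNDefender warning: (?P<seq>\S+))?")

def correlate(log_text, timeout=SYN_TIMEOUT):
    """Pair each SYNDefender reject with the latest accept for the same flow.

    Timestamps carry no date here, so a log spanning midnight needs date handling.
    """
    last_accept = {}   # (src, dst, service) -> time of most recent accept
    results = []
    for line in log_text.splitlines():
        m = LINE.match(line)
        if not m:
            continue   # ignore lines that do not fit the assumed layout
        ts = datetime.strptime(m["ts"], "%H:%M:%S")
        flow = (m["src"], m["dst"], m["svc"])
        if m["action"] == "accept":
            last_accept[flow] = ts
        elif m["seq"]:  # a reject carrying a SYNDefender warning
            accept_ts = last_accept.pop(flow, None)
            # delta stays None when no matching accept was logged for this flow
            delta = None if accept_ts is None else int((ts - accept_ts).total_seconds())
            results.append({"flow": flow, "sequence": m["seq"], "delta": delta,
                            "matches_timeout": delta == timeout})
    return results

if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r)
```

Rejects whose delay equals the configured timeout fit the pattern described in the post; a reject with no matching accept is reported with a delay of `None` rather than being dropped.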



   All contents © 2004 Network Presence, LLC. All rights reserved.