[FW1] IP650 crashing / FIN_WAIT_1
I'm hoping someone out there can help me. I'm running an IP650 with IPSO 3.3 and FW-1 SP3. Occasionally, the firewall begins dropping packets, and then shortly after crashes, to the point where we can't even console into it. This morning, as it was occurring, I noticed some interesting things. Just prior to the crash, and ever since, I'm receiving the following messages quite often via syslog:

    Aug 6 11:14:41 <firewall_name_removed> [LOG_CRIT] kernel: FW-1: Warning: modify for a new entry:
    Aug 6 11:14:41 <firewall_name_removed> [LOG_CRIT] kernel: <c0a82e01,a1,c0a82e1d,0,11;0,4000,0> <0 : =0 22>

At first they appeared to be logging randomly, but now it's every five minutes. Also, I ran an fwinfo just prior to the crash, during the packet loss, and I noticed several (thousands) entries in the netstat -na section similar to the following:

    tcp 0 362 <firewall_IP_removed>.1571 63.209.5.150.80 FIN_WAIT_1
    tcp 0 334 <firewall_IP_removed>.1572 63.209.5.150.80 FIN_WAIT_1
    tcp 0 417 <firewall_IP_removed>.1573 63.209.5.150.80 FIN_WAIT_1
    tcp 0 406 <firewall_IP_removed>.1574 63.209.5.150.80 FIN_WAIT_1
    tcp 0 285 <firewall_IP_removed>.1575 63.209.5.140.80 FIN_WAIT_1
    tcp 0 385 <firewall_IP_removed>.1577 63.209.5.150.80 FIN_WAIT_1

63.209.5.140 resolves to part of honesty.com, which provides some internet auction services such as counters and things. My first thought was that this was some sort of DOS, but given the source, I doubt it's intentional. Does anyone have any ideas?

Thanks in advance!

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & Ellis
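Added example, not part of the original post: a small Python summarizer for BSD-style `netstat -na` output like the listing quoted above, tallying sockets per TCP state and, for FIN_WAIT_1, per remote endpoint with the unacknowledged Send-Q bytes. The function names, the threshold and the last two sample lines are assumptions made for illustration.

```python
from collections import Counter

# The first six lines are the netstat entries quoted in the post;
# the last two are constructed to exercise other states.
SAMPLE = """\
tcp 0 362 <firewall_IP_removed>.1571 63.209.5.150.80 FIN_WAIT_1
tcp 0 334 <firewall_IP_removed>.1572 63.209.5.150.80 FIN_WAIT_1
tcp 0 417 <firewall_IP_removed>.1573 63.209.5.150.80 FIN_WAIT_1
tcp 0 406 <firewall_IP_removed>.1574 63.209.5.150.80 FIN_WAIT_1
tcp 0 285 <firewall_IP_removed>.1575 63.209.5.140.80 FIN_WAIT_1
tcp 0 385 <firewall_IP_removed>.1577 63.209.5.150.80 FIN_WAIT_1
tcp 0 0 192.0.2.10.22 192.0.2.50.51515 ESTABLISHED
tcp 0 0 *.80 *.* LISTEN
"""

def split_endpoint(ep):
    """BSD netstat joins address and port with a dot; split on the last one."""
    host, _, port = ep.rpartition(".")
    return host, port

def parse(text):
    """Yield (send_q, local, remote, state) for each TCP socket line."""
    for line in text.splitlines():
        f = line.split()
        if len(f) == 6 and f[0].startswith("tcp") and f[1].isdigit() and f[2].isdigit():
            yield int(f[2]), split_endpoint(f[3]), split_endpoint(f[4]), f[5]

def summarize(text, state="FIN_WAIT_1"):
    """Return (sockets per state, sockets per remote in `state`,
    Send-Q bytes per remote in `state`, i.e. data the peer has not ACKed)."""
    states, per_remote, unsent = Counter(), Counter(), Counter()
    for send_q, _, remote, st in parse(text):
        states[st] += 1
        if st == state:
            per_remote[remote] += 1
            unsent[remote] += send_q
    return states, per_remote, unsent

def flag(text, threshold, state="FIN_WAIT_1"):
    """Remotes holding at least `threshold` sockets in `state`, busiest first."""
    _, per_remote, unsent = summarize(text, state)
    hits = [(r, n, unsent[r]) for r, n in per_remote.items() if n >= threshold]
    return sorted(hits, key=lambda h: -h[1])

if __name__ == "__main__":
    for (host, port), n, q in flag(SAMPLE, threshold=5):
        print(f"{host}:{port} sockets={n} unacked_bytes={q}")
```

Run against periodic `netstat -na` captures, the per-remote count shows whether the FIN_WAIT_1 backlog is growing and which peer it is tied to.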