[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW-1] Firewall logs
I have not been to that site, nor anyone I know, but I will venture a guess that this machine is sending you, either maliciously, or benignly, syn/ack or ack packets of a connection long closed on the firewall. The server on their end may be unaware of it's actions, or it may be maliciously trying to establish a connection with your server. Since version 4.1 SP2 you can not initiate a connection with any packet other than a syn. Check out Lance's webpage on the state table: http://www.enteract.com/~lspitz/fwtable.html Hope that helps.. -----Original Message----- From: [email protected] [mailto:[email protected]] Sent: Wednesday, February 20, 2002 11:24 PM To: [email protected] Subject: [FW-1] Firewall logs Hello, This may be a little out of the subject matter but but u guys are the best to answer this. Last 13th one of our staff has accesed a website called www.bravenet.com and ever since (6 days now) a server from their domain "arrowrev.bravenet.com" it is trying to connect in to my proxy server http port every 2 minutes. My fw is dropping the packet on rule 0 with "unknown established TCP packet". My firewall only allows my internal clients to access my proxy. Therefore any attempt to access the proxy by any other machine should be dropped by the clean up rule. So I have 2 issues 1. Has anyone come across this web site trying to connect to internal machines?. If so any explanations? 2. Why does the fw drop the connection with "unknown established TCP packet" ?. The Secureknowladge site says "This message refers to a reply packet from an established connection for which FireWall-1 has no state information saved. " . Then why does it allow to establish a initial connection since this connection should never have been made as it is not allowed to access the proxy server ? Thanks in advance Nishan ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [email protected] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [email protected] =================================================
|