
Re: [FW-1] Can anyone explain these FW-1 entries?



Fair enough.

But why is the Origin 127.0.0.1 and the Action accept?



-----Original Message-----
From: Javier San Martin [mailto:[email protected]]
Sent: Wednesday, June 05, 2002 10:24 AM
To: [email protected]
Subject: Re: [FW-1] Can anyone explain these FW-1 entries?

Simply, you are experiencing a syn attack. You have the MAD (Malicious
Activity Detection) active, so you are receiving this kind of alarms from
the FW.

Check your policy and the implicit rules.

Saludos,

JSM




From: Christopher Collins <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected]point.com>
Date: 05/06/2002 10:00 a.m.
Please respond to: Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: [FW-1] Can anyone explain these FW-1 entries?





This is all the information to go on. All other fields are blank. This is
only an excerpt of the log; there are many more entries.






num     date        time     orig       type   action  alert     i/f_name  i/f_dir  proto  product  additionals
101258  4-Jun-2002  7:34:26  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=successive_alerts
121056  4-Jun-2002  7:46:43  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=successive_alerts
143801  4-Jun-2002  7:58:40  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=successive_alerts
148916  4-Jun-2002  8:00:54  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=syn_attack
149080  4-Jun-2002  8:00:56  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=syn_attack
149237  4-Jun-2002  8:00:58  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=syn_attack
150354  4-Jun-2002  8:01:30  127.0.0.1  alert  accept  ![alert]  daemon    inbound  ip     MAD      attack=syn_attack
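Added example, not part of the thread and not Check Point tooling: a small Python parser for log rows in the column layout of the excerpt above, reporting per attack type the total MAD alerts and the largest number seen inside a short time window. The one-record-per-line input, the 10-second window and the names parse_row and peak_rate are assumptions made for this example.

```python
from collections import defaultdict
from datetime import datetime

COLUMNS = ["num", "date", "time", "orig", "type", "action", "alert",
           "if_name", "if_dir", "proto", "product"]

# The seven rows from the excerpt in this thread, laid out one record per line.
SAMPLE = """\
101258 4-Jun-2002 7:34:26 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=successive_alerts
121056 4-Jun-2002 7:46:43 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=successive_alerts
143801 4-Jun-2002 7:58:40 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=successive_alerts
148916 4-Jun-2002 8:00:54 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack
149080 4-Jun-2002 8:00:56 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack
149237 4-Jun-2002 8:00:58 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack
150354 4-Jun-2002 8:01:30 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack
"""

def parse_row(line):
    """Split one record into named fields plus a dict of key=value additionals."""
    f = line.split()
    if len(f) < len(COLUMNS):
        raise ValueError(f"short record: {line!r}")
    rec = dict(zip(COLUMNS, f))
    rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%d-%b-%Y %H:%M:%S")
    rec["extra"] = dict(kv.split("=", 1) for kv in f[len(COLUMNS):] if "=" in kv)
    return rec

def peak_rate(rows, window_s=10):
    """Per attack type: total alerts and the most alerts inside any window_s-second span."""
    times = defaultdict(list)
    for r in rows:
        if r["product"] == "MAD" and r["type"] == "alert":
            times[r["extra"].get("attack", "unknown")].append(r["when"])
    out = {}
    for attack, ts in times.items():
        ts.sort()
        peak, lo = 0, 0
        for hi in range(len(ts)):
            # Advance the window start until it is within window_s of ts[hi].
            while (ts[hi] - ts[lo]).total_seconds() > window_s:
                lo += 1
            peak = max(peak, hi - lo + 1)
        out[attack] = {"total": len(ts), "peak": peak, "first": ts[0], "last": ts[-1]}
    return out

if __name__ == "__main__":
    for attack, s in peak_rate([parse_row(l) for l in SAMPLE.splitlines()]).items():
        print(f"{attack}: {s['total']} alerts, peak {s['peak']} in 10s, {s['first']} to {s['last']}")
```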

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================




 
   All contents © 2004 Network Presence, LLC. All rights reserved.