Re: [FW-1] Can anyone explain these FW-1 entries?
Origin: Which module has received the packet (or better, logged it). The Firewall process itself can't detect such attacks, so the cpmad daemon is running for this behaviour. This daemon looks for attack signatures in the logfile itself. You can find additional information about it in the Check Point documentation.

SAM

-----Original Message-----
From: Christopher Collins [mailto:[email protected]]
Sent: Wednesday, 5 June 2002 16:57
To: [email protected]
Subject: Re: [FW-1] Can anyone explain these FW-1 entries?

Fair enough. But why is the Origin 127.0.0.1 and the Action accept?

-----Original Message-----
From: Javier San Martin [mailto:[email protected]]
Sent: Wednesday, June 05, 2002 10:24 AM
To: [email protected]
Subject: Re: [FW-1] Can anyone explain these FW-1 entries?

Simply, you are experiencing a SYN attack. You have the MAD (Malicious Activity Detection) active, so you are receiving this kind of alarm from the FW. Check your policy and the implicit rules.

Regards,
JSM

Christopher Collins <[email protected]>
Sent by: Mailing list for discussion of Firewall-1 <[email protected] point.com>
05/06/2002 10:00 a.m.
Please respond to Mailing list for discussion of Firewall-1
To: [email protected]
cc:
Subject: [FW-1] Can anyone explain these FW-1 entries?

This is all the information to go on. All other fields are blank. This is only an excerpt of the log, there are many more entries.

num date time orig type action alert i/f_name i/f_dir proto product additionals:

101258 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:34:26 attack=successive_alerts
121056 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:46:43 attack=successive_alerts
143801 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:58:40 attack=successive_alerts
148916 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:54
149080 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:56
149237 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:58
150354 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:01:30

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================
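
Added example, not part of the original thread or of any Check Point tooling: a small triage script for MAD alert rows laid out as in the excerpt above, tolerating the time value on either side of attack= and reporting the origin column as the logging module rather than as an attacker address. The function names are hypothetical, and the whitespace-separated field order is assumed to match the quoted rows.

```python
import re
from collections import defaultdict

# Rows copied from the log excerpt quoted in the thread. The time value sits
# before attack= on some rows and after it on others.
SAMPLE = """\
101258 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:34:26 attack=successive_alerts
121056 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:46:43 attack=successive_alerts
143801 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD 7:58:40 attack=successive_alerts
148916 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:54
149080 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:56
149237 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:00:58
150354 4-Jun-2002 127.0.0.1 alert accept ![alert] daemon inbound ip MAD attack=syn_attack 8:01:30
"""
TIME_RE = re.compile(r"(\d{1,2}):(\d{2}):(\d{2})")

def parse_entry(line):
    """Parse one row; return None for the header and any non-MAD row."""
    tok = line.split()
    if len(tok) < 11 or tok[9] != "MAD":
        return None
    entry = {"num": tok[0], "logged_by": tok[2], "action": tok[4], "time": None}
    for t in tok[10:]:                      # trailing fields, in either order
        m = TIME_RE.fullmatch(t)
        if m:
            h, mi, s = map(int, m.groups())
            entry["time"], entry["seconds"] = t, h * 3600 + mi * 60 + s
        elif "=" in t:
            key, _, value = t.partition("=")
            entry[key] = value
    return entry if "attack" in entry and entry["time"] else None

def summarise(text):
    """Per attack name: count, first/last time, shortest gap. Assumes one date."""
    groups = defaultdict(list)
    for line in text.splitlines():
        if (e := parse_entry(line)):
            groups[e["attack"]].append(e)
    out = {}
    for attack, rows in groups.items():
        rows.sort(key=lambda e: e["seconds"])
        gaps = [b["seconds"] - a["seconds"] for a, b in zip(rows, rows[1:])]
        out[attack] = {"count": len(rows), "first": rows[0]["time"],
                       "last": rows[-1]["time"], "min_gap_s": min(gaps, default=None),
                       "logged_by": sorted({e["logged_by"] for e in rows})}
    return out

if __name__ == "__main__":
    print(summarise(SAMPLE))
```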