Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] Firewall syslog entries

To: [email protected]
Subject: Re: [FW-1] Firewall syslog entries
From: Sadir Al-khafaji <[email protected]>
Date: Sat, 24 Aug 2002 18:30:42 +0200
Organization: GIS
References: <[email protected]>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>
User-agent: Mozilla/5.0 (Windows; U; Win98; en-US; rv:1.0rc2) Gecko/20020512 Netscape/7.0b1

It is a normal behavior, you just have extra debuuging on. The firewall
controles against it's database if  this ip addy has ever traversed yout
firewall AFAIK. Maybe someone else has other ideas about it.

/// Sadir

Dunn, Dan, CTR, OSD-ATL wrote:

Gang,
I was looking at my firewall module syslog file, and came across the
following entries (sanitized for your protection):
Jul 31 13:38:47 firewall-hostname unix: FW-1: Warning: modify for a
new entry:
Jul 31 13:38:47 firewall-hostname

Jul 31 13:38:47 firewall-hostname unix: <(hexadecimal IP address)

Jul 31 13:38:47 firewall-hostname unix: ,4ac

Jul 31 13:38:47 firewall-hostname unix: ,(another hexadecimal IP address)

Jul 31 13:38:47 firewall-hostname unix: ,0

Jul 31 13:38:47 firewall-hostname unix: ,11

Jul 31 13:38:47 firewall-hostname unix: ;0

Jul 31 13:38:47 firewall-hostname unix: ,4000

Jul 31 13:38:47 firewall-hostname unix: ,0

Jul 31 13:38:47 firewall-hostname unix: > <0 : =0 22>
There are numerous instances of this, with different hex IP addresses
and what appear to be hex port numbers (the two- and three-digit
entries).  Has anyone else seen this, and what does it mean?  I'm
running CP 2000 on Solaris 7.
Thanks,

Dan
Daniel R. (Dan) Dunn, EE, CISSP, CCSA/CCSE
Firewall Administrator
Office of the Under Secretary of Defense - Acquisition, Technology &
Logistics (OUSD(AT&L))
Principal Information Assurance Engineer, AT&T Government Solutions
p:, ext 500
f:
The opinions expressed by the author are entirely his own, and do not
reflect those of AT&T Government Solutions or its subsidiaries, nor do
they reflect policy, opinion, or endorsement by the US Department of
Defense or any of its agencies.


=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Next by Date: Re: [FW-1] fw reboot when doing secureclient site update !!!!
Next by thread: Re: [FW-1] fw reboot when doing secureclient site update !!!!
Index(es):
- Date
- Thread