Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[FW-1] MAD/SYNDefender kickin with NAT?

To: [email protected]
Subject: [FW-1] MAD/SYNDefender kickin with NAT?
From: "Ruud, Dag Andreas" <[email protected]>
Date: Wed, 4 Sep 2002 17:57:05 +0200
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

I have a FW-1 4.1 set up to use NAT for a lot of inside clients (500-1000),
that share a single external IP address. SYNDefender is running in SYN
Gateway mode, with 10K max sessions and 15 sec timeout. MAD is running with
default settings.

I experience a lot of SYNDefender warning messages ("SYN --> SYN-ACK -->
RST"), but that is expected from surfing activity, timed-out sessions etc.
What I don't expect, is MAD kicking in. I haven't had any earlier, but now I
start getting "MAD: additionals: attack=syn_attack" messages, with no info
except "Proto. = IP".

Is this just a consequence of a large rate of dropped connections etc that
trigger the MAD threshold for SYN attacks, or do I have something to worry
about?


Cheers,

--
Dag Andreas Ruud


##################################################
The information contained in this email and any files transmitted
with it are confidential and may be legally privileged. It is
intended solely for the use of the individual or entity to whom
they are addressed (or meant to be addressed to).
  If you are not the intended recipient or the person responsible
for delivering the email to the intended recipient, be advised
that you have received this email in error and that any use,
dissemination, forwarding, printing, or copying of this email or
any action in reliance upon it is strictly prohibited and may be
unlawful.
  If you have received this email in error please notify KPMG
Norway  IT function by telephone at +47 2109 2320 and
delete all copies of this e-mail message and any attachments
from all computers.
  KPMG is neither liable for the proper, complete transmission
of the information contained in this communication nor any
delay in its receipt.
  When addressed to our clients any opinions or advice
contained in this email are subject to the terms and conditions
expressed in the governing KPMG client engagement letter.
##################################################
This E-mail message has been checked for computer viruses by KPMG.
##################################################

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Prev by Date: Re: [FW-1] CheckPoint NG and Address Translation Rules
Next by Date: [FW-1] SV: [FW-1] AW: [FW-1] Popen failed
Previous by thread: Re: [FW-1] Weird issues with VPN / SecuRemote on NG FP1
Next by thread: [FW-1] SV: [FW-1] AW: [FW-1] Popen failed
Index(es):
- Date
- Thread