Search

	display results
words begin exact words any words part

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW-1] TCP Sequence validator problem

To: [email protected]
Subject: Re: [FW-1] TCP Sequence validator problem
From: Marc Elsen <[email protected]>
Date: Thu, 6 Feb 2003 15:37:22 +0100
Organization: IMEC
References: <002801c2cdc2$28760d50$2d08220a@ISD4745>
Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
Sender: Mailing list for discussion of Firewall-1 <[email protected]>

> Dave Whitehouse wrote:
>
> I am getting a lot of errors reported in the log as follows:
>
> "TCP sequence validator: dropped packet with data out of window;"
>
> The firewall is Solaris 8 and NG FP2.
>
> I have disabled the logging TCP sequence out of state errors in the
> global properties.
>
> Has anyone else seen this and has any one got any ideas how to get rid
> of it ?

  Probably by disabling the sequence verifier for TCP in SmartDefense
 settings (I am on FP3). Or in FW. properties whatever the FP2
 term would be (God bless).

 I have been experimenting a  little bit the with the sequence
 verifier in FP3.
 I noticed the same thing as you , when initially using it
 with default options for packets originating from my web cache
 box (squid) going to remote webservers on the internet.

 Since, this box has been working flawless for years. I decided
 that Mr. 'Sequence verifier' may not always behave correct.

 I then changed the 'Track on' value from 'anomalous' to suspicous , and
 it didn't complain anymore in the logviewer.

 Not that disabling logging of actions of this facility may in
 case of wrong behavior to you not noticing thet fw-1 is dropping
 packets which should not be dropped.

 M.
>
> We have a packet shaping device on one side of the firewall and
> wondered if this could be causing the problem as alters the windowing
> of packets.
>
> Any thoughts would be appreciated.
>
> Regards
>
> Dave Whitehouse

--

 'Time is a consequence of Matter thus
 General Relativity is a direct consequence of QM
 (M.E. Mar 2002)

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [email protected]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[email protected]
=================================================

Follow-Ups:
- Re: [FW-1] TCP Sequence validator problem
  - From: Dave Whitehouse <[email protected]>

References:
- [FW-1] TCP Sequence validator problem
  - From: Dave Whitehouse <[email protected]>

Prev by Date: Re: [FW-1] Fragementation Problem Fix
Next by Date: Re: [FW-1] Downgrading from FP3 to FP2
Previous by thread: [FW-1] TCP Sequence validator problem
Next by thread: Re: [FW-1] TCP Sequence validator problem
Index(es):
- Date
- Thread