
Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message


  • To: [email protected]
  • Subject: Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message
  • From: "Cihan Subasi (Garanti Teknoloji)" <[email protected]>
  • Date: Sat, 26 Jul 2003 15:28:25 +0300
  • Reply-to: Mailing list for discussion of Firewall-1 <[email protected]>
  • Sender: Mailing list for discussion of Firewall-1 <[email protected]>

From a client point of view, is that really causing a problem? Or can I just leave it as it is? I see that those are all coming from the operator; I don't see anything similar to that from different operators' IP ranges...

-----Original Message-----
From: John Madden [mailto:[email protected]]
Sent: Thursday, July 24, 2003 4:21 PM
To: [email protected]
Subject: Re: [FW-1] "th_flags 2 message_info SYN for established connection" Message


If this type of traffic is legitimate, you can try
this.

Modify the user.def file on the management station and
enter the following line:

deffunc user_accept_non_syn() { (src=x.x.x.x, dst=y.y.y.y) };

or if it's always the same port

deffunc user_accept_non_syn() { dport = xx };

or you can try this if on a Nokia platform

modzap fw_reuse_established_conn $FWDIR/boot/modules/fwmod.o <port>

modzap fw_accept_syn_rst $FWDIR/boot/modules/fwmod.o <port>


Good luck

--- Haris Klitiropoulos <[email protected]> wrote:
> Hello,
>
> it is not a matter of speed or lack of it, so increasing the timeout
> won't fix it. According to the message you get on your log, you have an
> already established connection (the 3-way handshake for that session has
> been completed). Your firewall intercepts a packet of that session that
> has SYN flag enabled and drops it. Packets with the SYN flag enabled are
> used only during the initialisation of the TCP session and never during
> an already established session. You should check why these packets
> appear in the first place. It shouldn't be the firewall's fault.
>
> Cihan Subasi (Garanti Teknoloji) wrote:
>
> >Hi,
> >
> >I am getting the message in the subject field (th_flags 2 message_info
> >SYN for established connection) for some of our clients. After doing a
> >quick research I found out that those are mostly GPRS customers (and I
> >guess they are slower than usual). As a solution to that, would it be
> >enough to play with "tcpendtimeout" using dbedit, or are there other
> >things that I need to do? Thanks
> >
>
> >***********************************************************
> >Cihan SUBASI
> >Garanti Technology
> >Internet ve Yazilim Hizmetleri
> >Tel:(90)GSM:(90)(533)(2750353)
> >Fax:(90)
> >http://www.garantitechnology.com <http://www.garantitechnology.com/>
> >mailto:[email protected]
> >***********************************************************
> >
> >
> >
> >This message and attachments are confidential and intended solely for
> >the individual(s) stated in this message. If you received this message
> >although you are not the addressee you are responsible to keep
> >confidential the message. The sender has no responsibility for the
> >accuracy or correctness of the information in the message and its
> >attachments. Our company shall have no liability for any changes or
> >late receiving, loss of integrity and confidentiality, viruses and any
> >damages caused in anyway to your computer system.
> >
> >
> >=================================================
> >To set vacation, Out-Of-Office, or away messages,
> >send an email to [email protected]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[email protected]
> >=================================================
> >
> >
> >
>

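Added example, not part of the original thread and not Check Point code: a minimal Python state table that reproduces the condition described in the quoted reply, a packet with only SYN set (th_flags 2) arriving for a connection whose 3-way handshake already completed, and then groups the dropped packets by source network, as the first poster did by operator. The addresses, the /24 grouping and the immediate teardown on FIN/RST are assumptions made for the illustration.

```python
import ipaddress
from collections import Counter

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10   # TCP flag bits; th_flags 2 == SYN only

def replay(packets):
    """Run (src, sport, dst, dport, flags) tuples through a toy state table and
    return the packets a stateful filter would log as SYN for established connection."""
    table, dropped = {}, []
    for pkt in packets:
        src, sport, dst, dport, flags = pkt
        fwd, rev = (src, sport, dst, dport), (dst, dport, src, sport)
        key = fwd if fwd in table else rev if rev in table else None
        if flags == SYN:
            if key is not None and table[key] == "ESTABLISHED":
                dropped.append(pkt)           # handshake already done for this 4-tuple
                continue
            table[fwd] = "SYN_SENT"
        elif key is None:
            continue                          # no state at all: outside this example
        elif flags & (RST | FIN):
            del table[key]                    # assumption: entry removed at once
        elif flags == SYN | ACK and key == rev and table[key] == "SYN_SENT":
            table[key] = "SYN_RCVD"
        elif flags & ACK and key == fwd and table[key] == "SYN_RCVD":
            table[key] = "ESTABLISHED"
    return dropped

def by_source_network(dropped, prefix=24):
    """Count dropped packets per source network to see whether one range dominates."""
    nets = (ipaddress.ip_network(f"{p[0]}/{prefix}", strict=False) for p in dropped)
    return Counter(str(n) for n in nets)

# Constructed sample traffic (documentation address ranges, not real hosts).
SRV = ("192.0.2.10", 443)
A = ("198.51.100.7", 40001)    # reconnects on the same port without closing first
B = ("203.0.113.5", 50000)     # closes cleanly before reconnecting
SAMPLE = [
    (*A, *SRV, SYN), (*SRV, *A, SYN | ACK), (*A, *SRV, ACK),
    (*A, *SRV, SYN),                          # state entry still present: dropped
    (*B, *SRV, SYN), (*SRV, *B, SYN | ACK), (*B, *SRV, ACK),
    (*B, *SRV, FIN | ACK),
    (*B, *SRV, SYN),                          # entry gone: treated as a new connection
]

if __name__ == "__main__":
    print(by_source_network(replay(SAMPLE)))
```

Only client A's second SYN is reported, because its 4-tuple still has an established entry when the new SYN arrives; client B closed first and is accepted as a new connection.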

   All contents © 2004 Network Presence, LLC. All rights reserved.