You're running SYNDefender - all that has happened here is that some box
outside has tried to establish a connection to another box on your internal
network or DMZ, and it didn't respond to the initial SYN-ACK response within
SYNDefender's timeout period. You have two options. You can raise the
timeout period a bit to see if that helps, but doing so generally makes it
easier for someone to synflood your firewall into submission. The other
option is to ignore these errors - if you're only seeing a few of these
per-day, then you're seeing the product of latency or packet loss somewhere
outside your firewall, the client ACK packets not being able to get back to
the server before the timeout. In my experience, a syn timeout of 10 to 20
seconds should be long enough for even very lagged connections. Any higher
and you risk exposing your firewall to synflood DoS.
Scott.
-============================-
Scott McMeekin (x25086)
Senior Technical Analyst
IT Telecoms
The Royal Bank of Scotland
Phone: +44(0)1315235086
Email: [EMAIL PROTECTED]
-============================-
> -----Original Message-----
> From: Fabrice Rousselot [SMTP:[EMAIL PROTECTED]]
> Sent: Monday, March 06, 2000 11:05 AM
> To: [EMAIL PROTECTED]
> Subject: "Reject" from rule 0
>
> *** Warning : This message originates from the Internet ***
>
>
> Hi,
>
> I'm running fw 4.0 (SP4) on Solaris 2.6 and I have been getting "reject"
> log entries from Rule 0
> with connections from outside (info "message SYN -> SYN-ACK -> Timeout").
>
> I read Phoneboy FAQ and other ones, but it didn't help me.
>
> Did anyone encounter the same problem ?
>
> Any help would be appreciated. << File: Card for Fabrice Rousselot >>
The Royal Bank of Scotland plc is registered in Scotland No 90312. Registered Office:
36 St Andrew Square, Edinburgh EH2 2YB.
The Royal Bank of Scotland plc is regulated by IMRO, SFA and Personal Investment
Authority.
This e-mail message is confidential and for use by the addressee only. If the message
is received by anyone other than the addressee, please return the message to the
sender by replying to it and then delete the message from your computer.
'Internet e-mails are not necessarily secure. The Royal Bank of Scotland plc does not
accept responsibility for changes made to this message after it was sent.'
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
