> We have PIX 515R with PIX version 5.2.3 installed, and we have the most
> elusive problem.
>
> For the last two days, traffic to certain webservers has been continuously
> affected (some kind of DoS attack) where the webservers stop receiving any
> traffic, and then they start again.  I can usually restart the traffic by
> executing "clear xlate" on the pix, or by restarting the webservers.  But
> this works only for a minute or so. Telnet and other backend servers are
> not affected.
>
> Looking at the pix logs I do not see anything weird.  I saw yesterday some
> PIX messages referring to an optional IP info rejected by the firewall.  I
> am going nuts here, does anyone know what is going on??  Could it be an
> outside problem?? I have enabled and disabled ipdefarg/fixup
> http/floodguard etc.. and nothing works..  Could the syslog have a problem
> ?? I even turned it off to check...

If this is as sudden as you indicate then first check the statistics on
your interfaces.

I had a similar problem which was caused by some directly connected
external equipment which had started introducing CRC errors.

CRC immunity should have been introduced in PIX as of 5.1(2), but ...

The statistics should show zero for all non-error values as long as you do
not have hubs and other collision introducing equipment attached.

Brian.

-- 
Brian B. B. Truelsen, MSc,  System Administrator
The Maersk Institute, University of Southern Denmark, Odense
Campusvej 55, DK-5230 Odense M, Denmark

Tel: +45 6550 3542  -  Fax: +45 6615 7697  -  http://www.mip.sdu.dk
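
The interface-statistics check suggested above, as an added example that is not part of the original message: it compares two saved `show interface` outputs and reports the error counters that are still climbing, which separates a live link fault (such as CRC errors) from old history. The sample text is constructed, and the counter-line layout is an assumption about PIX output.

```python
import re

ERROR_COUNTERS = {"no buffer", "runts", "giants", "input errors", "CRC", "frame",
                  "overrun", "ignored", "abort", "underruns", "output errors",
                  "collisions", "interface resets"}
HEADER = re.compile(r'^interface (\S+) "([^"]*)"')
COUNTER = re.compile(r"(\d+) ([A-Za-z ]+?)(?=,|$)")  # "<value> <name>" pairs

def parse_errors(show_interface_text):
    """Return {interface: {error counter: value}} from 'show interface' text."""
    result, current = {}, None
    for line in show_interface_text.splitlines():
        line = line.strip()
        header = HEADER.match(line)
        if header:
            current = result.setdefault(f"{header.group(1)} ({header.group(2)})", {})
        elif current is not None:
            for value, name in COUNTER.findall(line):
                if name in ERROR_COUNTERS:
                    current[name] = int(value)
    return result

def growing_errors(before, after):
    """Error counters that rose between two snapshots, as {interface: {name: delta}}."""
    old_all = parse_errors(before)
    rising = {}
    for ifname, counters in parse_errors(after).items():
        old = old_all.get(ifname, {})
        delta = {k: v - old.get(k, 0) for k, v in counters.items() if v > old.get(k, 0)}
        if delta:
            rising[ifname] = delta
    return rising

# Constructed sample in the style of "show interface" output (not from the post).
TEMPLATE = '''interface ethernet0 "outside" is up, line protocol is up
        {pk} packets input, 98234112 bytes, 0 no buffer
        {err} input errors, {err} CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        140221 packets output, 45112309 bytes, 0 underruns
        0 output errors, 0 collisions, 0 interface resets
interface ethernet1 "inside" is up, line protocol is up
        0 input errors, 0 CRC, 0 frame, 0 overrun, 0 ignored, 0 abort
        0 output errors, 0 collisions, 0 interface resets
'''
BEFORE = TEMPLATE.format(pk=152340, err=1250)  # first snapshot
AFTER = TEMPLATE.format(pk=153900, err=1431)   # snapshot taken a little later

if __name__ == "__main__":
    print(growing_errors(BEFORE, AFTER))
```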

