Re: [FW-1] Passive FTP error , help

Thu, 03 Apr 2003 07:47:38 -0800 

Here are the 2 long entries.. The first is the user making the ftp
connection, and immiediatley followed is the external server response.


Number:                                 676013
Date:                                    3Apr2003
Time:                                   9:39:17
Product:                                VPN-1 & FireWall-1
Interface:                              FA3116
Origin:                                 our firewall
Type:                                   Log
Action:                                 Accept
Service:                                ftp
Source:                                 userX
Destination:                            external server
Protocol:                               tcp
Rule:                                   16
NAT rule number:                        21
NAT additional rule number:             0
Source Port:                            1283
XlateSrc:                               betty
XlateSPort:                             23099

Number:                 676014
Date:                    3Apr2003
Time:                   9:39:17
Product:                SmartDefense
Interface:              EL90BC0
Origin:                 our firewall
Type:                   Log
Action:                 Drop
Source:                 external server
Destination:            our firewall
Protocol:               icmp
Attack Name:            Large ping
Information:            Attack Info: Echo request too long
                icmp-type: 8
                icmp-code: 0


-----Original Message-----
From: Torkel Mathisen [mailto:[EMAIL PROTECTED]
Sent: Thursday, April 03, 2003 2:41 AM
To: [EMAIL PROTECTED]
Subject: Re: [FW-1] Passive FTP error , help


I agree. This doesn't look like the line relating to the ftp.

However; if you want to fix the icmp problem go to SmartDefense, IP and
ICMP, Max Ping Size and increase that. You probably want to try with 128
or something.

Regards,
Torkel


> -----Original Message-----
> From: Reinhard Stich [mailto:[EMAIL PROTECTED]
> Sent: 3. april 2003 08:12
> To: [EMAIL PROTECTED]
> Subject: Re: [FW-1] Passive FTP error , help
>
>
> hi,
>
> are you sure this is the correct log for ftp?
>
> if you look at the service in this line you will see that this is an
> icmp packet, not tcp (as ftp is).
>
> please re-check your logs.
>
> does "normal" ftp work? do you use a special ftp-client?
>
> cheers
> reinhard
>
> At 16:09 02.04.2003 -0500, you wrote:
> >I have a rule for a user to go out to an Ftp server using passive-ftp

> >service, accept and log. All of a sudden he cant connect anymore, and

> >the log viewer
> reports  on
> >that rule:
> >
> >Attack info: Echo request too long: icmp-type 8; imcp-code: 0;
> >
> >Any ideas?
> >
> >Nick Duda, CCSA
> >Network Administrator
> >
> >
> >
> >
> >=================================================
> >To set vacation, Out Of Office, or away messages,
> >send an email to [EMAIL PROTECTED]
> >in the BODY of the email add:
> >set fw-1-mailinglist nomail
> >=================================================
> >To unsubscribe from this mailing list,
> >please see the instructions at
> >http://www.checkpoint.com/services/mailing.html
> >=================================================
> >If you have any questions on how to change your
> >subscription options, email
> >[EMAIL PROTECTED]
> >=================================================
>
> --
> Reinhard Stich,   ASSIST    [EMAIL PROTECTED]
> Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33
> Tel: +43 1 370 94 40  RS784-RIPE Fax: +43 1 370 94 40-10
>
> =================================================
> To set vacation, Out Of Office, or away messages,
> send an email to [EMAIL PROTECTED]
> in the BODY of the email add:
> set fw-1-mailinglist nomail
> =================================================
> To unsubscribe from this mailing list,
> please see the instructions at
> http://www.checkpoint.com/services/mailing.html
> =================================================
> If you have any questions on how to change your
> subscription options, email
> [EMAIL PROTECTED]
> =================================================
>

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

=================================================
To set vacation, Out Of Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================

Reply via email to