What machine is your ftp server running on ? is something like tcp or udp mtu path discovery activated ? I had that message before, and it was due to udp path mtu discovery, I disabled that and messages did not appear anymore, I think it's due to the fact that that mechanism sends packets with a certain MTU with the DF bit set, normally if the MTU is too high the router/firewall should reply with an icmp message like "fragmentation needed but DF bit set", if the icmp packets are dropped, that is why you may have that kind of errors in the log... We had these problems on AIX with certain versions, but it might occur with other type of systems ...
hope this helps -----Original Message----- From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] Behalf Of Torkel Mathisen Sent: vendredi 4 avril 2003 9:56 To: [EMAIL PROTECTED] Subject: Re: [FW-1] Passive FTP error , help Well.. Try to fix the icmp problem in SmartDefense. Regards, Torkel > -----Original Message----- > From: Duda, Nick [mailto:[EMAIL PROTECTED] > Sent: 3. april 2003 16:38 > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Passive FTP error , help > > > It's the following line from the destination server trying to > come back > to our firewall that generates the icmp after the passive session is > attempted. > > Nick > > -----Original Message----- > From: Torkel Mathisen [mailto:[EMAIL PROTECTED] > Sent: Thursday, April 03, 2003 2:41 AM > To: [EMAIL PROTECTED] > Subject: Re: [FW-1] Passive FTP error , help > > > I agree. This doesn't look like the line relating to the ftp. > > However; if you want to fix the icmp problem go to > SmartDefense, IP and > ICMP, Max Ping Size and increase that. You probably want to > try with 128 > or something. > > Regards, > Torkel > > > > -----Original Message----- > > From: Reinhard Stich [mailto:[EMAIL PROTECTED] > > Sent: 3. april 2003 08:12 > > To: [EMAIL PROTECTED] > > Subject: Re: [FW-1] Passive FTP error , help > > > > > > hi, > > > > are you sure this is the correct log for ftp? > > > > if you look at the service in this line you will see that this is an > > icmp packet, not tcp (as ftp is). > > > > please re-check your logs. > > > > does "normal" ftp work? do you use a special ftp-client? > > > > cheers > > reinhard > > > > At 16:09 02.04.2003 -0500, you wrote: > > >I have a rule for a user to go out to an Ftp server using > passive-ftp > > > >service, accept and log. All of a sudden he cant connect > anymore, and > > > >the log viewer > > reports on > > >that rule: > > > > > >Attack info: Echo request too long: icmp-type 8; imcp-code: 0; > > > > > >Any ideas? > > > > > >Nick Duda, CCSA > > >Network Administrator > > > > > > > > > > > > > > >================================================= > > >To set vacation, Out Of Office, or away messages, > > >send an email to [EMAIL PROTECTED] > > >in the BODY of the email add: > > >set fw-1-mailinglist nomail > > >================================================= > > >To unsubscribe from this mailing list, > > >please see the instructions at > > >http://www.checkpoint.com/services/mailing.html > > >================================================= > > >If you have any questions on how to change your > > >subscription options, email > > >[EMAIL PROTECTED] > > >================================================= > > > > -- > > Reinhard Stich, ASSIST [EMAIL PROTECTED] > > Internet Security AG, 1190 Wien, Nussdorfer Laende 29-33 > > Tel: +43 1 370 94 40 RS784-RIPE Fax: +43 1 370 94 40-10 > > > > ================================================= > > To set vacation, Out Of Office, or away messages, > > send an email to [EMAIL PROTECTED] > > in the BODY of the email add: > > set fw-1-mailinglist nomail > > ================================================= > > To unsubscribe from this mailing list, > > please see the instructions at > > http://www.checkpoint.com/services/mailing.html > > ================================================= > > If you have any questions on how to change your > > subscription options, email > > [EMAIL PROTECTED] > > ================================================= > > > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > > ================================================= > To set vacation, Out Of Office, or away messages, > send an email to [EMAIL PROTECTED] > in the BODY of the email add: > set fw-1-mailinglist nomail > ================================================= > To unsubscribe from this mailing list, > please see the instructions at > http://www.checkpoint.com/services/mailing.html > ================================================= > If you have any questions on how to change your > subscription options, email > [EMAIL PROTECTED] > ================================================= > ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] ================================================= ================================================= To set vacation, Out Of Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail ================================================= To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================= If you have any questions on how to change your subscription options, email [EMAIL PROTECTED] =================================================
