Chris,

What I would check is the SmartDefense setting: under Network Security you have the Dynamic Ports ... In that you can check if you want to allow or not connections to these 'well known' ports above 1024.

Met vriendelijke groeten - Bien à vous - Kind regards
Guy ROELANDTS
EMEA HPS Internet Expertise Centre - CCSE-NG
Hewlett-Packard Belgium B.V.B.A./S.P.R.L.
E-mail : [EMAIL PROTECTED]
Tel: +32(02)729.85.61
Fax: +32(02)729.77.65
==========================================================
This message may contain confidential and/or proprietary information, and is intended only for the person/entity to whom it was originally addressed. The content of this message may contain private views and opinions which do not constitute a formal disclosure or commitment unless specifically stated. Should you receive this message by mistake please inform the sender immediately.
==========================================================

-----Original Message-----
From: Mailing list for discussion of Firewall-1 [mailto:[EMAIL PROTECTED] On Behalf Of Covington, Chris
Sent: Thursday, January 29, 2004 22:32
To: [EMAIL PROTECTED]
Subject: [FW-1] Exchange/Active Directory and "tried to open a known service port, protocol: tcp, port_svc: Kaos/WinHole"

Hi all,

We're having an issue with a site-to-site SecurePlatform R55 to SecurePlatform R55 VPN which affects Outlook clients accessing an Exchange 2003 server over the VPN (and also seems to drop communications between Windows 2000 Active Directory domain controllers over the VPN).

The log event is:

Number: 3741
Date: 29Jan2004
Time: 15:58:38
Product: SmartDefense
Interface: eth1
Origin: fw-1 (x.x.x.x)
Type: Log
Action: Drop
Protocol: tcp
Service: 135
Source: bigcombo.plusone.com (192.168.2.34)
Destination: mars.plusone.com (192.168.6.4)
Source Port: 1149
Attack Name: Dynamic Ports
Information: reason: tried to open a known service port, protocol: tcp port_svc: Kaos

Number: 3799
Date: 29Jan2004
Time: 16:27:20
Product: SmartDefense
Interface: eth1
Origin: fw-1 (x.x.x.x)
Type: Log
Action: Drop
Protocol: tcp
Service: 135
Source: saturn (192.168.2.5)
Destination: mars.plusone.com (192.168.6.4)
Source Port: 3622
Attack Name: Dynamic Ports
Information: reason: tried to open a known service port, protocol: tcp port_svc: WinHole

The ports are all totally random and above 1024, though the service port is always 135. The errors are all port_svc: Kaos or port_svc: WinHole. What can I do to allow this communication?

thanks
Chris

=================================================
To set vacation, Out-Of-Office, or away messages, send an email to [EMAIL PROTECTED] in the BODY of the email add: set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your subscription options, email [EMAIL PROTECTED]
=================================================
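
For triaging drops like the ones quoted in this thread, the following added example (not part of the original messages) parses the flattened log text and counts SmartDefense "Dynamic Ports" drops per source, destination, service and port_svc label. Records 3741 and 3799 are taken from the thread, record 3800 is constructed, and the function names are hypothetical.

```python
import re
from collections import Counter

# Field names as they appear in the log records quoted in this thread.
# "Source Port" is listed before "Source" so the longer key wins.
FIELDS = ["Number", "Date", "Time", "Product", "Interface", "Origin", "Type",
          "Action", "Protocol", "Service", "Source Port", "Source",
          "Destination", "Attack Name", "Information"]
FIELD_RE = re.compile(r"\b(" + "|".join(FIELDS) + r"): ")

# Records 3741 and 3799 are from the thread; 3800 is constructed.
SAMPLE = (
    "Number: 3741 Date: 29Jan2004 Time: 15:58:38 Product: SmartDefense "
    "Interface: eth1 Origin: fw-1 (x.x.x.x) Type: Log Action: Drop "
    "Protocol: tcp Service: 135 Source: bigcombo.plusone.com (192.168.2.34) "
    "Destination: mars.plusone.com (192.168.6.4) Source Port: 1149 "
    "Attack Name: Dynamic Ports Information: reason: tried to open a known "
    "service port, protocol: tcp port_svc: Kaos "
    "Number: 3799 Date: 29Jan2004 Time: 16:27:20 Product: SmartDefense "
    "Interface: eth1 Origin: fw-1 (x.x.x.x) Type: Log Action: Drop "
    "Protocol: tcp Service: 135 Source: saturn (192.168.2.5) "
    "Destination: mars.plusone.com (192.168.6.4) Source Port: 3622 "
    "Attack Name: Dynamic Ports Information: reason: tried to open a known "
    "service port, protocol: tcp port_svc: WinHole "
    "Number: 3800 Date: 29Jan2004 Time: 16:27:21 Product: VPN-1 & FireWall-1 "
    "Interface: eth1 Origin: fw-1 (x.x.x.x) Type: Log Action: Accept "
    "Protocol: tcp Service: 25 Source: saturn (192.168.2.5) "
    "Destination: mars.plusone.com (192.168.6.4) Source Port: 3623"
)

def parse_records(text):
    """Split flattened 'Key: value Key: value' log text into dicts."""
    parts = FIELD_RE.split(text)[1:]      # drop anything before the first key
    records = []
    for key, value in zip(parts[0::2], parts[1::2]):
        if key == "Number":               # every record starts at Number
            records.append({})
        if records:
            records[-1][key] = value.strip()
    return records

def _ip(value):
    """Return the address in 'host (a.b.c.d)', or the raw value if absent."""
    m = re.search(r"\(([\d.]+)\)", value)
    return m.group(1) if m else value

def dynamic_port_drops(records):
    """Count Dynamic Ports drops keyed by (source, destination, service, port_svc)."""
    counts = Counter()
    for r in records:
        if (r.get("Product"), r.get("Action"), r.get("Attack Name")) != (
                "SmartDefense", "Drop", "Dynamic Ports"):
            continue
        svc = re.search(r"port_svc:\s*(\S+)", r.get("Information", ""))
        counts[(_ip(r["Source"]), _ip(r["Destination"]), r["Service"],
                svc.group(1) if svc else "?")] += 1
    return counts
```
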
