Hmm, what you explained makes sense. What version of NG AI are you using? In my version (NG AI R55 hotfix 12), there is a checkbox (SmartDefence - AI - FTP) for "FTP Bounce", and the only sub-configuration item is the 'track' option (e.g. log, alert, snmp trap, etc.). I don't see if there are options for "watch only". Shall I just 'unclick' FTP bounce? Is this a bad thing to do from the security point of view?
BTW, how come the log message said 'TELNET options bounce' instead of 'FTP Bounce'???

Thanks.

-raymond n

At 06:39 PM 3/22/05 -0800, cisco4ng wrote:
>What it means is that checkpoint tried to read the content inside the ftp session; however,
>since the content is "encrypted" via SSL and checkpoint does not know or how to decrypt it,
>it will think that this is an "attack" attempt. If you go into smartdefense and under the ftp, go
>into FTP bounce, and select "monitor only", your ftp over SSL will work.
>
>cisco4ng
>
>Raymond N <[EMAIL PROTECTED]> wrote:
>I am using NG AI R55 Hotfix-12 on Nokia platform.
>One of my users tries to do SSL over FTP with an external ftp server over
>the Internet. The connection failed even at the control session (i.e. no
>login prompt). Looking at the firewall log, the rule I have for outbound
>ftp shows the traffic is allowed, but at the "Information" column, it has a
>message about "Attack info: The packet was modified due to a potential
>TELNET OPTIONS Bounce attack".
>
>Can anyone tell me what this is? Again, the firewall log shows the traffic
>is 'permit', but the ftp control session is still failed.
>
>Thanks in advance for any info.
>
>-raymond
>
>=================================================
>To set vacation, Out-Of-Office, or away messages,
>send an email to [EMAIL PROTECTED]
>in the BODY of the email add:
>set fw-1-mailinglist nomail
>=================================================
>To unsubscribe from this mailing list,
>please see the instructions at
>http://www.checkpoint.com/services/mailing.html
>=================================================
>If you have any questions on how to change your
>subscription options, email
>[EMAIL PROTECTED]
>=================================================
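
An added illustration of the explanation quoted above (not part of the thread and not Check Point's code): a simplified plaintext-only FTP control-channel inspector, run over constructed bytes. That the firewall's "TELNET OPTIONS" message comes from Telnet IAC bytes (0xFF, RFC 854) appearing in the encrypted stream is an assumption; the function name, verdict strings and sample bytes are hypothetical.

```python
import re

IAC = 0xFF  # Telnet "Interpret As Command"; the FTP control channel follows Telnet rules (RFC 959)
FTP_CMD = re.compile(rb"^[A-Za-z]{3,4}( [\x20-\x7e]*)?$")  # e.g. b"USER anonymous"

def inspect_control(segments):
    """Classify client-to-server segments as a plaintext-only inspector would.

    Returns one (verdict, detail) tuple per segment.
    """
    verdicts = []
    tls_requested = False
    for seg in segments:
        lines = [line for line in seg.split(b"\r\n") if line]
        context = "encrypted after AUTH" if tls_requested else "unexpected"
        if lines and all(FTP_CMD.match(line) for line in lines):
            # Readable FTP command; remember when the client asks for TLS/SSL.
            if any(line.upper().startswith(b"AUTH ") for line in lines):
                tls_requested = True
            verdicts.append(("ok", lines[0].decode()))
        elif IAC in seg:
            # Ciphertext is effectively random, so 0xFF shows up and looks
            # like Telnet option negotiation to a parser expecting plaintext.
            verdicts.append(("telnet-option-alert",
                             f"{seg.count(IAC)} IAC byte(s), {context}"))
        else:
            verdicts.append(("unparseable", context))
    return verdicts

# Constructed sample: a TLS-style record header (type 0x16, version 3.1)
# followed by made-up payload bytes. This is not a real handshake.
SAMPLE = [
    b"AUTH TLS\r\n",
    b"\x16\x03\x01\x00\x08" + bytes([0x01, 0xFF, 0xFB, 0x01, 0x7A, 0xFF, 0x00, 0x3C]),
]

if __name__ == "__main__":
    for verdict in inspect_control(SAMPLE):
        print(verdict)
```

An inspector that tracks the AUTH command can tell an expected encrypted session from a stray binary payload, which is the distinction a log-only ("monitor only") setting leaves to the analyst reading the log.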
