It seems to have come out in the last update. If that thing is dropping
every nbsession packet between an NT 4 member server and the NT 4 domain
controller, something's broken somewhere.
Oh yeah, it's probably NT. :-)
Ray
From: Shane Presley <[EMAIL PROTECTED]>
Reply-To: Mailing list for discussion of Firewall-1
<[email protected]>
To: [email protected]
Subject: [FW-1] Fwd: [FW-1] SmartDefense drops on 99444
Date: Thu, 13 Oct 2005 19:56:12 -0400
Thanks all.
Yes my problem was the fragmented bind requests. Unchecking that box
fixed the problem. But it seems 99444 should be better documented, it
must be too new. It wasn't listed on the CheckPoint KB article about
the SmartDefense rule # drops.
Thanks again...
Shane
---------- Forwarded message ----------
From: McKinlay, Ken <[EMAIL PROTECTED]>
Date: Oct 13, 2005 5:13 PM
Subject: Re: [FW-1] SmartDefense drops on 99444
To: [email protected]
>
> >From: Shane Presley <[EMAIL PROTECTED]>
> >Reply-To: Mailing list for discussion of Firewall-1
> ><[email protected]>
> >To: [email protected]
> >Subject: [FW-1] SmartDefense drops on 99444
> >Date: Wed, 12 Oct 2005 11:30:18 -0400
> >
> >I'm getting SmartDefense drops on rule 99444.
> >
> >This should be legitimate traffic between a windows server and our
> >domain controller. Do you know which SmartDefense trigger is causing
> >this?
> >
> >Thanks
> >Shane
> >
In R55-AI, check the MS-RPC over CIFS Inspection Properies panel under
SmartDefense. From the text:
"Users of VPN-1 R55W and above and InterSpect will identify fragmented
Bind requests with Attack Information 'MS-RPC over CIFS - Fragmented
Bind detected' on the SmartView Tracker screen. Users of VPN-1 R55 will
identify fragmented Bind requests log with rule no. 99444."
As to what is causing it, I don't know.
Ken McKinlay, GCIA, CISSP
Network Security,
Curtiss-Wright Controls, Embedded Computing
[EMAIL PROTECTED]
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to [EMAIL PROTECTED]
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
[EMAIL PROTECTED]
=================================================
