RE: [FW1] SYNDefender

Reed Mohn, Anders Mon, 28 Aug 2000 02:16:40 -0700

Simon, 
I've included a section of our log.
This particular instance is from
an external client into our web-server.

Can anyone tell me why those "RST" (reset?)
messages are sent?
Is it safe to ignore them?
As I said, this started popping up after I enabled the
SYNDefender. If this is normal traffic, why is this picked up by it?

Cheers, 
Anders :=)
P.S.
This is a little wide, lines are about 90 char, tab separated.


Time            Action  Source  Dest                    Comment
15:35:06        accept  195.70.x.y      193.216.148.226  len 60
15:35:07        accept  195.70.x.y      193.216.148.226  len 60
15:35:08        accept  195.70.x.y      193.216.148.226  len 60
15:35:08        accept  195.70.x.y      193.216.148.226  len 60
15:35:08        accept  195.70.x.y      193.216.148.226  len 60
15:35:20        accept  195.70.x.y      193.216.148.226  len 60
15:35:20        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:21        accept  195.70.x.y      193.216.148.226  len 60
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:54        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:35:59        accept  195.70.x.y      193.216.148.226  len 60
15:35:59        accept  195.70.x.y      193.216.148.226  len 60
15:35:59        accept  195.70.x.y      193.216.148.226  len 60
15:35:59        accept  195.70.x.y      193.216.148.226  len 60
15:36:00        accept  195.70.x.y      193.216.148.226  len 60
15:36:00        accept  195.70.x.y      193.216.148.226  len 60
15:36:02        accept  195.70.x.y      193.216.148.226  len 60
15:36:11        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:36:11        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:36:11        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:37:28        accept  195.70.x.y      193.216.148.226  len 60
15:40:06        accept  195.70.x.y      193.216.148.226  len 60
15:40:08        accept  195.70.x.y      193.216.148.226  len 60
15:40:18        reject  195.70.x.y      193.216.148.226  message SYN ->
SYN-ACK -> RST
15:40:56        accept  195.70.x.y      193.216.148.226  len 60
15:41:38        accept  195.70.x.y      193.216.148.226  len 60



================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================
RE: [FW1] SYNDefender

Reply via email to
