Sure. SynDefender may drop packets if the timeout is too short. The timeout will
determine if the
firewall should perform a RST to the destination. After using it, I think passive
makes more sense
than active since the firewall doesn't "broker" the connection request on behalf of
the destination
and the source.
If the user is on a slow link (<56kbps), then timeouts are a usual occurrence. Also,
remember
HTTP traffic is really have a series of requests that could time out individually and
generate false
positives. Hence, the user may see a frame for a lost picture, some missing text, a
dropped
advertisement (darn!), etc.
I think SynDefender is a good idea but there's no real control to the product other
than the timeout.
There needs to be more robust detection, control, analysis, and response, like an IDS
product
would provide.
David C. Diemer, CCSA, CNE
Enterprise Security Firewall Engineer
Georgia Department of Administrative Services (DOAS)
[EMAIL PROTECTED]
404.651.9677
>>> "John W. Booth" <[EMAIL PROTECTED]> 09/27/00 10:14AM >>>
I am using the Syndefender features with FW-1. I am
seeing alot drops siting rule 0 and Syndefender. Does
anyone know any typical false positives for this type
of behavior ?
__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
