Hello Larry,
i think you are right. But why does i have so many of these packets? What could be the
reason for this?
The info filed says only: "len xx".
best regards
Hermann
> -----Original Message-----
> From: Larry Pingree [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, February 15, 2001 8:53 PM
> To: Hermann Strassner; Fw-1 Mailinglist
> Subject: Re: [FW1] Why does i have many pakets of this type
>
>
> If you are using Firewall-1 4.1 I would assume that maybe these might
> pre-established connections that may be timing out? Take a look in the
> "Info" field and tell me what do you see there?
>
>
>
> -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> Larry Pingree
> Sr. Security Consultant
> Email: [EMAIL PROTECTED]
>
> SiegeWorks
> Company WebSite: http://www.siegeworks.com/
> Security Installation, Training and Consulting
> -=-=-=-=-=-=-=-=-=-=-=--=-=-=-=-=-=-=-=-=-=-
> ----- Original Message -----
> From: Hermann Strassner <[EMAIL PROTECTED]>
> To: Fw-1 Mailinglist <[EMAIL PROTECTED]>
> Sent: Thursday, February 15, 2001 12:24 AM
> Subject: [FW1] Why does i have many pakets of this type
>
>
> >
> > Hello all!
> >
> > I have a lot of these pakets with high ports and i do not
> understand why.
> May someone explain it to me?
> >
> > Action Service Source Destination
> Proto Rule
> S_Port
> > "drop" "1684" "ns2.UUNet" "Mailserver"
> "udp" "29"
> "nameserver"
> > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1"
> "tcp" "29"
> "http"
> > "drop" "57896" "mbr-s05.websys.aol.com" "NS1"
> "tcp" "29"
> "84"
> > "drop" "4718" "www03.chip.icpro.de" "NS1"
> "tcp" "29"
> "http"
> > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver"
> "tcp" "29"
> "smtp"
> > "drop" "1684" "ns1.UUNet" "Mailserver"
> "udp" "29"
> "nameserver"
> > "drop" "10933" "marktplatz02.ebay.is-kunden.de" "NS1"
> "tcp" "29"
> "http"
> > "drop" "57896" "mbr-s05.websys.aol.com" "NS1"
> "tcp" "29"
> "84"
> > "drop" "4718" "www03.chip.icpro.de" "NS1"
> "tcp" "29"
> "http"
> > "drop" "3416" "tp160178.adsl.tisnet.net.tw" "Mailserver"
> "tcp" "29"
> "smtp"
> > "drop" "1684" "ns2.UUNet" "Mailserver"
> "udp" "29"
> "nameserver"
> >
> > I have "Accept Established TCP Connections" (Policy / Properties /
> AccessList)" on first.
> > SMTP connections and Nameserver traffic are OK, i haven´t
> noticed anything
> else. It looks like there is only a small count of the
> connections dropped.
> >
> > These errors are also in times where our Internet connection is not used
> up, and also with connections that do not go to the Internet, only to the
> DMZ.
> > Are there any other possible reasons?
> >
> > Hermann
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
