Someone performed a scan of our network, on port 80,
the other day.
The logs funny, could someone please enlighten me a little?
First I logged a lot of drops by my last "deny all" rule, for
a group of IP addresses.
Then followed drops by rule 0 ("unknown established TCP packet"),
for the same IP addresses, same source port.
Why both rules?
Is there anything in FW-1 that would cause these packets to be logged twice,
or were there simply two packets sent to each IP?
Cheers,
Anders RM :)
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
