[FW1] IP650 crashing / FIN_WAIT_1

Tue, 07 Aug 2001 03:18:53 -0700 


        I'm hoping someone out there can help me.  I'm running an IP650 with
IPSO 3.3 and FW-1 SP3.  Occasionally, the firewall begins dropping packets,
and then shortly after crashes, to the point where we can't even console
into it.  This morning, as it was occuring I noticed some interesting
things.
        Just prior to the crash, and ever since, I'm receiving the following
messages quite often via syslog;
                Aug  6 11:14:41 <firewall_name_removed> [LOG_CRIT] kernel:
FW-1: Warning: modify for a new entry:
                Aug  6 11:14:41 <firewall_name_removed> [LOG_CRIT] kernel:
<c0a82e01,a1,c0a82e1d,0,11;0,4000,0> <0 : =0 22>
At first they appeared to be logging randomly, but now it's every five
minutes.
        Also, I ran an fwinfo just prior to the crash, during the packet
loss, and I noticed several (thousands) entries in the netstat -na section
similar to the following; 
tcp        0    362  <firewall_IP_removed>.1571    63.209.5.150.80
FIN_WAIT_1
tcp        0    334  <firewall_IP_removed>.1572    63.209.5.150.80
FIN_WAIT_1
tcp        0    417  <firewall_IP_removed>.1573    63.209.5.150.80
FIN_WAIT_1
tcp        0    406  <firewall_IP_removed>.1574    63.209.5.150.80
FIN_WAIT_1
tcp        0    285  <firewall_IP_removed>.1575    63.209.5.140.80
FIN_WAIT_1
tcp        0    385  <firewall_IP_removed>.1577    63.209.5.150.80
FIN_WAIT_1
63.209.5.140 resolves to part of honesty.com, which provides some internet
auction services such as counters and things.

        My first thought was that this was some sort of DOS, but given the
source, I doubt it's intentional.  Does anyone have any ideas?

Thanks in advance!

Jeff Jarmoc - CCSA, CCNA, MCSE
Network Analyst - Grubb & Ellis
847.753.7617
          *********Internet Email Confidentiality Footer*********
This Message may include Confidential Information.  DISSEMINATION,
DISTRIBUTION OR COPYING OF THIS COMMUNICATION by anyone other than the
intended addressee IS PROHIBITED. If you are not the intended addressee of
this message (or responsible for delivery of the message to the addressee),
please destroy this message and kindly notify the sender by reply email.
Thank You


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Reply via email to