Jason Haar wrote:
> I'm trying to scan our DMZ using Nessus. The PIX in front appears to have a
> charming feature whereby it delays returns RSETs and changes the order of
> them too. This appears to only kick in if the PIX receives more than one
> such erroneous packet from a host in a small period of time.

Since when are RSET packets erroneous? They are very valid and a useful part of TCP communication. I don't see why a PIX would want to delay and/or reorder them (unless you're being flooded with them, but even then..).

With the risk of being flamed: I've used nessus from behind a Checkpoint FW-1 using NAT without any problems.

Sincerely,
-- 
Richard van den Berg, CISSP
Trust Factory B.V.   | http://www.trust-factory.com/
Bazarstraat 44a      | Phone: +31 70 3620684
NL-2518AK The Hague  | Fax  : +31 70 3603009
The Netherlands      |
