NFR Wizards Archives: (no subject)

Subject: (no subject)
From: dwelchuswestmail.net
Date: Sat Dec 04 1999 - 21:27:17 CST


From my experience, this is FireWall-1 seeing traffic on connections it thinks have already closed (probably a stray "FIN" packet). It is safe to drop and ignore these packets.

-- Dameon

On Fri, 03 December 1999, Joel Snider wrote:

> I have been using a Checkpoint Firewall-1 to protect
> my DMZ from the Internet. Since installation I have
> noticed that my webservers which are on the DMZ behind
> the firewall seem to be connecting to multitudes of
> Internet hosts unsolicited. The destination port seems
> to be random, but often increments. The source port
> from web servers is always 80 or 443. As I have added
> webservers this condition has gotten unbearable
> because of the massive amount of info in the log
> files. I do not allow unlimited access from the DMZ
> to the Internet so these packets are getting dropped
> at the firewall. I have checked with the web
> development team and they say that they are not doing
> anything with the servers that would cause this. I
> know that I could filter out these events and not log
> them, but I want to understand what is happening first
> and look for other alternatives. Please let me know
> if you have seen this before.

--
Dameon D. Welch, a.k.a. PhoneBoy (dwelchphoneboy.com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
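A small log-triage helper, written as an added example (it is not from this thread, from Check Point, or from PhoneBoy's FAQ): it separates the late FIN/ACK/RST residue Dameon describes from a web server genuinely opening a new outbound connection, which is the case an administrator would actually want to look into. The key=value log format and the sample lines are constructed for this example and are not real FireWall-1 log output.

```python
import re
from collections import Counter

# Constructed sample drop records in an assumed key=value format (not real
# FireWall-1 output). flags uses tcpdump-style letters: S=SYN A=ACK F=FIN R=RST.
SAMPLE_LOG = """\
action=drop proto=tcp src=10.1.1.10 sport=80 dst=203.0.113.5 dport=34567 flags=FA
action=drop proto=tcp src=10.1.1.10 sport=443 dst=198.51.100.7 dport=34568 flags=A
action=drop proto=tcp src=10.1.1.11 sport=80 dst=203.0.113.9 dport=51002 flags=R
action=drop proto=tcp src=10.1.1.11 sport=45001 dst=198.51.100.20 dport=25 flags=S
action=drop proto=udp src=10.1.1.10 sport=53 dst=192.0.2.1 dport=53
action=accept proto=tcp src=10.1.1.10 sport=80 dst=203.0.113.5 dport=34560 flags=FA
"""

FIELD_RE = re.compile(r"(\w+)=(\S+)")
SERVER_PORTS = {80, 443}  # ports the DMZ web servers actually listen on

def parse_line(line):
    """Turn one key=value log line into a dict; ports become ints."""
    rec = dict(FIELD_RE.findall(line))
    for key in ("sport", "dport"):
        if key in rec:
            rec[key] = int(rec[key])
    return rec

def classify(rec):
    """Label a dropped packet.
    'stale-close'  : TCP leaving the server's own service port towards an
                     ephemeral port, and not a new SYN: the late FIN/ACK/RST
                     of a connection the firewall already aged out.
    'outbound-syn' : a bare SYN, i.e. the server is opening a new connection
                     on its own; this is the case worth investigating.
    'other'        : anything else (non-TCP, unexpected port shapes).
    Returns None for records that are not drops.
    """
    if rec.get("action") != "drop":
        return None
    if rec.get("proto") != "tcp":
        return "other"
    flags = rec.get("flags", "")
    if "S" in flags and "A" not in flags:
        return "outbound-syn"
    if rec["sport"] in SERVER_PORTS and rec["dport"] >= 1024:
        return "stale-close"
    return "other"

def summarize(log_text):
    """Count drops per label and list the outbound-SYN flows to follow up on."""
    counts, investigate = Counter(), []
    for line in log_text.splitlines():
        rec = parse_line(line)
        label = classify(rec)
        if label is None:
            continue
        counts[label] += 1
        if label == "outbound-syn":
            investigate.append(f"{rec['src']}:{rec['sport']} -> {rec['dst']}:{rec['dport']}")
    return counts, investigate
```

Run over a real export, the `stale-close` count shows how much of the log volume is the harmless residue, while anything under `outbound-syn` is a server initiating connections that the web team said it should not be making.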



This archive was generated by hypermail 2b27 : Mon Dec 06 1999 - 04:06:52 CST