Firewall Wizards mailing list archives
RE:
From: "Dom De Vitto" <dom () devitto com>
Date: Wed, 8 Dec 1999 20:46:42 -0000
There is an article on phoneboy's site about this, I believe it's to do with FW1 generating keepalives for the connection, but dropping the last (self-generated) keepalive after the session expires.

Dom
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
Dom De Vitto
Secure Technologies Ltd.
Mob. 07971 589 201
mailto:dom () devitto com
Tel. 01202 738 767
http://www.devitto.com
Fax. 08700 548 750
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

-----Original Message-----
From: owner-firewall-wizards () lists nfr net [mailto:owner-firewall-wizards () lists nfr net] On Behalf Of dwelch () uswestmail net
Sent: Sunday, December 05, 1999 3:27 AM
To: joel_snider () yahoo com
Cc: firewall-wizards () nfr net
Subject: Re:

From my experience, this is FireWall-1 seeing traffic on connections that it thinks have already closed (probably a stray "FIN" packet). It is safe to drop and ignore these packets.
-- Dameon

On Fri, 03 December 1999, Joel Snider wrote:

I have been using a Checkpoint Firewall-1 to protect my DMZ from the Internet. Since installation I have noticed that my webservers which are on the DMZ behind the firewall seem to be connecting to multitudes of Internet hosts unsolicited. The destination port seems to be random, but often increments. The source port from web servers is always 80 or 443. As I have added webservers this condition has gotten unbearable because of the massive amount of info in the log files. I do not allow unlimited access from the DMZ to the Internet so these packets are getting dropped at the firewall. I have checked with the web development team and they say that they are not doing anything with the servers that would cause this. I know that I could filter out these events and not log them, but I want to understand what is happening first and look for other alternatives. Please let me know if you have seen this before.

--
Dameon D. Welch, a.k.a. PhoneBoy (dwelch () phoneboy com)
Check Point FireWall-1 FAQs at http://www.phoneboy.com/fw1/
The views expressed herein are not necessarily those of anyone else.
--
Signup for your free USWEST.mail Email account http://www.uswestmail.net
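
The thread above attributes the drops to replies on connections the firewall has already closed or expired. The following is an added example, not part of the original messages and not Check Point code: it separates such late replies from drops that no earlier inbound session explains. The record layout, the addresses and the 3600-second idle timeout are assumptions, and the sample data is constructed.

```python
from collections import Counter
from datetime import datetime, timedelta

TCP_TIMEOUT = timedelta(seconds=3600)  # assumed idle timeout; use the firewall's configured value
WEB_PORTS = {80, 443}                  # source ports reported in the thread

# Constructed sample data (not real FireWall-1 log output).
# Accepted inbound sessions: (client_ip, client_port, server_ip, server_port) -> last packet seen
ACCEPTED = {
    ("198.51.100.7", 31044, "192.0.2.10", 80): datetime(1999, 12, 3, 10, 0, 0),
    ("198.51.100.7", 31045, "192.0.2.10", 80): datetime(1999, 12, 3, 10, 0, 5),
}
# Dropped packets leaving the DMZ: (time, src_ip, src_port, dst_ip, dst_port)
DROPS = [
    (datetime(1999, 12, 3, 11, 0, 30), "192.0.2.10", 80, "198.51.100.7", 31044),
    (datetime(1999, 12, 3, 10, 0, 6), "192.0.2.10", 80, "198.51.100.7", 31045),
    (datetime(1999, 12, 3, 11, 5, 0), "192.0.2.10", 80, "203.0.113.9", 4000),
    (datetime(1999, 12, 3, 11, 6, 0), "192.0.2.10", 51515, "203.0.113.9", 6667),
]

def classify(drop, accepted=ACCEPTED, timeout=TCP_TIMEOUT):
    """Label one dropped DMZ-to-Internet packet by whether an inbound session explains it."""
    when, src, sport, dst, dport = drop
    if sport not in WEB_PORTS:
        return "outbound-initiated"     # server is acting as a client: investigate
    # A reply to a web client carries the inbound session's tuple reversed.
    last_seen = accepted.get((dst, dport, src, sport))
    if last_seen is None:
        return "no-matching-session"    # reply-shaped, but nothing inbound explains it
    if when - last_seen >= timeout:
        return "late-reply-expired"     # state entry aged out before the server sent this
    return "late-reply-closed"          # recent session already torn down (e.g. stray FIN)

def summarize(drops=DROPS):
    """Count drops per label so the unexplained ones stand out from the noise."""
    return Counter(classify(d) for d in drops)

if __name__ == "__main__":
    for label, count in summarize().items():
        print(f"{label}: {count}")
```

Only the two "late-reply" labels match the explanation given in the thread; the other two labels are the entries to review before any rule is added that stops logging these drops.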