Firewall Wizards mailing list archives
Re: Firewall(s) "maxed" out
From: "Johann G. Hautzinger" <trema () eic at>
Date: Fri, 15 Oct 1999 09:01:58 +0200
Joseph S D Yao wrote:
During the past two days, both of these firewalls became "maxed" out, for lack of a better term. Specifically, both machines had reached their maxtask limits and could no longer fork any new processes. A check of the systems revealed very large numbers of HTTP connections from individual internal client workstations. Does anyone know of some "new" browser plug-in or service pack which could be responsible for this ?? ...Tell your users to keep JavaScript turned off when browsing the publicly accessible Internet, especially when browsing their porn sites. ;-} We had noticed in our firewall logs that some users visiting sites meriting reprimand had all of a sudden blossomed dozens within seconds. We also found out why. Also, make sure that your users have internal domains in their Exceptions or No-Proxy lists. Otherwise, all attempts to hit internal Web sites will be mediated by the Web proxy.
... which reminds me of a very useful tool: go to http://www.junkbuster.com and have a look. we are using a chain of proxies, squid - junkbuster - tis kits' http-gw to "bust junk out of our users' life" (including, porn, java[script], ads,...) turning of things is quite easy - turning on desired content might cause you to give it a thought or two ;-) hth Hannes -- Johann Georg Hautzinger, email: trema () eic at, Tel.: 531 00 1907 Erste Bank AG - OE 0423 - Orga./Entw. Treasury u. Orga.Wertpapier Boersegasse 14, 1010 Wien http://treasury.erstebank.at
Current thread:
- Firewall(s) "maxed" out Regan, Sharon (Oct 12)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)
- Re: Firewall(s) "maxed" out Johann G. Hautzinger (Oct 16)
- <Possible follow-ups>
- RE: Firewall(s) "maxed" out Regan, Sharon (Oct 16)
- RE: Firewall(s) "maxed" out JSK (Oct 18)
- Re: Firewall(s) "maxed" out Steven M. Bellovin (Oct 18)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)