[fw-wiz] Source of T/TCP traffic

From: Knut Bjornstad (kbjo_at_interpost.no)
Date: 09/09/03

Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"

Previous message: Michael Still: "Re: [fw-wiz] Squid Proxy"
Next in thread: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
Maybe reply: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
Maybe reply: Dave Killion: "RE: [fw-wiz] Source of T/TCP traffic"
Reply: Volker Tanger: "Re: [fw-wiz] Source of T/TCP traffic"
Reply: lordchariot_at_earthlink.net: "RE: [fw-wiz] Source of T/TCP traffic"
Reply: Mikael Olsson: "Re: [fw-wiz] Source of T/TCP traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: firewall-wizards@honor.icsalabs.com
Date: Tue, 9 Sep 2003 13:22:40 +0200

Our IDS are seeing a lot of peculiar T/TCP traffic - the alerts on this
is no problem in itself - I can easily disable them. But when I try to
analyze the traffic, it seems like ordinary web traffic from various MS
IE sources. Now T/TCP is - according to my impression - a halfdead
attemt at speeding up TCP, and nothing I would associate with this kind
of everyday events. My theory is that this is coused by some firewall or
similar product that modidfies outgoing traffic by adding the neccessary
TCP option to the packets.
First question: Do anyone in this forum know of a product that does
something like that (I suspect something from Checkpoint, but I am not
sure about that)?

Second question: Given that T/TCP has problematic security, can ordinary
firewalls handle the protocol by setting up relevant rules?

-- 
--Knut Bjornstad -- ErgoIntegration AS ---Oslo, Norway-------
--kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 --
_______________________________________________
firewall-wizards mailing list
firewall-wizards@honor.icsalabs.com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards

Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"

Previous message: Michael Still: "Re: [fw-wiz] Squid Proxy"
Next in thread: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
Maybe reply: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
Maybe reply: Dave Killion: "RE: [fw-wiz] Source of T/TCP traffic"
Reply: Volker Tanger: "Re: [fw-wiz] Source of T/TCP traffic"
Reply: lordchariot_at_earthlink.net: "RE: [fw-wiz] Source of T/TCP traffic"
Reply: Mikael Olsson: "Re: [fw-wiz] Source of T/TCP traffic"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

Relevant Pages

Re: [fw-wiz] Source of T/TCP traffic
... > TCP option to the packets. ... > First question: Do anyone in this forum know of a product that does ... Are you sure that this is actually T/TCP you're seeing? ... Any firewall that requires SYN/SYNACK/ACK will prevent T/TCP ...
(Firewall-Wizards)
RE: [fw-wiz] Source of T/TCP traffic
... T/TCP bond when connecting. ... IE will actually try T/TCP first, ... back to normal TCP after failing. ... First question: Do anyone in this forum know of a product that does ...
(Firewall-Wizards)