RE: [fw-wiz] Source of T/TCP traffic

lordchariot_at_earthlink.net
Date: 09/09/03

  • Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
    To: "'Knut Bjornstad'" <kbjo@interpost.no>, <firewall-wizards@honor.icsalabs.com>
    Date: Tue, 9 Sep 2003 12:34:53 -0400
    
    

    Is this incoming traffic to your web server from the internet?
    I was just speaking to a wireless provider who was describing some of
    the methods they are trying to implement to increase performance for
    their wireless clients. It involves putting a device in-line on their
    side that does some sort of optimization and/or compression, but he
    wasn't sure exactly what it did.
    Perhaps something like this is occuring. Can you trace the source to any
    particular ISP or carrier?
    Erik

    -----Original Message-----
    From: firewall-wizards-admin@honor.icsalabs.com
    [mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Knut
    Bjornstad
    Sent: Tuesday, September 09, 2003 7:23 AM
    To: firewall-wizards@honor.icsalabs.com
    Subject: [fw-wiz] Source of T/TCP traffic

    Our IDS are seeing a lot of peculiar T/TCP traffic - the alerts on this
    is no problem in itself - I can easily disable them. But when I try to
    analyze the traffic, it seems like ordinary web traffic from various MS
    IE sources. Now T/TCP is - according to my impression - a halfdead
    attemt at speeding up TCP, and nothing I would associate with this kind
    of everyday events. My theory is that this is coused by some firewall or
    similar product that modidfies outgoing traffic by adding the neccessary
    TCP option to the packets.
    First question: Do anyone in this forum know of a product that does
    something like that (I suspect something from Checkpoint, but I am not
    sure about that)?

    Second question: Given that T/TCP has problematic security, can ordinary
    firewalls handle the protocol by setting up relevant rules?

    -- 
    --Knut Bjornstad -- ErgoIntegration AS ---Oslo, Norway-------
    --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 --
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
    

  • Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"

    Relevant Pages

    • Re: Cannot create an ASP.NET web application
      ... > the Web server" ... First question: Are we talking about a local instance of IIS or a remote ... Did you install IIS before or after Visual Studio .NET? ... can provide more detailed responses. ...
      (microsoft.public.dotnet.academic)
    • Re: How do I display current section in status bar?
      ... This is the first question I have seen you post! ... new posts are always passed on to us by the web server, ... View>Header and Footer. ... McGhie Information Engineering Pty Ltd ...
      (microsoft.public.mac.office.word)