RE: [fw-wiz] Source of T/TCP traffic
lordchariot_at_earthlink.net
Date: 09/09/03
- Previous message: Volker Tanger: "Re: [fw-wiz] Source of T/TCP traffic"
- In reply to: Knut Bjornstad: "[fw-wiz] Source of T/TCP traffic"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] Source of T/TCP traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
To: "'Knut Bjornstad'" <kbjo@interpost.no>, <firewall-wizards@honor.icsalabs.com> Date: Tue, 9 Sep 2003 12:34:53 -0400
Is this incoming traffic to your web server from the internet?
I was just speaking to a wireless provider who was describing some of
the methods they are trying to implement to increase performance for
their wireless clients. It involves putting a device in-line on their
side that does some sort of optimization and/or compression, but he
wasn't sure exactly what it did.
Perhaps something like this is occuring. Can you trace the source to any
particular ISP or carrier?
Erik
-----Original Message-----
From: firewall-wizards-admin@honor.icsalabs.com
[mailto:firewall-wizards-admin@honor.icsalabs.com] On Behalf Of Knut
Bjornstad
Sent: Tuesday, September 09, 2003 7:23 AM
To: firewall-wizards@honor.icsalabs.com
Subject: [fw-wiz] Source of T/TCP traffic
Our IDS are seeing a lot of peculiar T/TCP traffic - the alerts on this
is no problem in itself - I can easily disable them. But when I try to
analyze the traffic, it seems like ordinary web traffic from various MS
IE sources. Now T/TCP is - according to my impression - a halfdead
attemt at speeding up TCP, and nothing I would associate with this kind
of everyday events. My theory is that this is coused by some firewall or
similar product that modidfies outgoing traffic by adding the neccessary
TCP option to the packets.
First question: Do anyone in this forum know of a product that does
something like that (I suspect something from Checkpoint, but I am not
sure about that)?
Second question: Given that T/TCP has problematic security, can ordinary
firewalls handle the protocol by setting up relevant rules?
-- --Knut Bjornstad -- ErgoIntegration AS ---Oslo, Norway------- --kbjo@interpost.no -- t:47 23 14 53 36 -- mob: 901 15 917 -- _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards _______________________________________________ firewall-wizards mailing list firewall-wizards@honor.icsalabs.com http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
- Previous message: Volker Tanger: "Re: [fw-wiz] Source of T/TCP traffic"
- In reply to: Knut Bjornstad: "[fw-wiz] Source of T/TCP traffic"
- Next in thread: Mikael Olsson: "Re: [fw-wiz] Source of T/TCP traffic"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
