RE: [fw-wiz] Source of T/TCP traffic
Date: 09/09/03

  • Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"
    To: "'Knut Bjornstad'" <>, <>
    Date: Tue, 9 Sep 2003 12:34:53 -0400

    Is this incoming traffic to your web server from the internet?
    I was just speaking to a wireless provider who was describing some of
    the methods they are trying to implement to increase performance for
    their wireless clients. It involves putting a device in-line on their
    side that does some sort of optimization and/or compression, but he
    wasn't sure exactly what it did.
    Perhaps something like this is occuring. Can you trace the source to any
    particular ISP or carrier?

    -----Original Message-----
    [] On Behalf Of Knut
    Sent: Tuesday, September 09, 2003 7:23 AM
    Subject: [fw-wiz] Source of T/TCP traffic

    Our IDS are seeing a lot of peculiar T/TCP traffic - the alerts on this
    is no problem in itself - I can easily disable them. But when I try to
    analyze the traffic, it seems like ordinary web traffic from various MS
    IE sources. Now T/TCP is - according to my impression - a halfdead
    attemt at speeding up TCP, and nothing I would associate with this kind
    of everyday events. My theory is that this is coused by some firewall or
    similar product that modidfies outgoing traffic by adding the neccessary
    TCP option to the packets.
    First question: Do anyone in this forum know of a product that does
    something like that (I suspect something from Checkpoint, but I am not
    sure about that)?

    Second question: Given that T/TCP has problematic security, can ordinary
    firewalls handle the protocol by setting up relevant rules?

    --Knut Bjornstad -- ErgoIntegration AS ---Oslo, Norway------- -- t:47 23 14 53 36 -- mob: 901 15 917 --
    firewall-wizards mailing list
    firewall-wizards mailing list

  • Next message: Knut Bjornstad: "Re: [fw-wiz] Source of T/TCP traffic"