R: R: [fw-wiz] PIX dropping packets with source port 80

edp.lists_at_acerbis.it
Date: 05/27/04

  • Next message: Dave Piscitello: "RE: [fw-wiz] Vulnerability Response (was: BGP TCP RST Attacks)"
    To: <LazloCarreidas@netscape.net>
    Date: Thu, 27 May 2004 15:03:11 +0200
    
    

     
    Ok.

    I think that the issue is related to some quirkiness of the TCP socket close
    (because everything seems to be working): the PIX could close the translation
    slot before the complete handshake is completed, thus denying the last peer
    packet, *BUT* we can't say more until you provide a detailed packet trace of
    the communication involved; it could also be a misbehaving TCP stack.

    bye

    -----Original Message-----
    From: LazloCarreidas@netscape.net [mailto:LazloCarreidas@netscape.net]
    Sent: Thursday, 27 May 2004 10:26
    To: edp.lists@acerbis.it
    Subject: RE: R: [fw-wiz] PIX dropping packets with source port 80

    Hi

    <edp.lists@acerbis.it> wrote:

    >Don't be misled by port 80, it could really be junk traffic and the PIX
    >correctly detects that as such (in fact you report no problems in using
    >the proxy).

    I understand that. The fact is that I can prove that the proxy opens the
    connection outside to a specific address, and then some packets back are
    dropped from the same address. For example, the connection opens at 14:04:02
    and packets are dropped at 14:04:04...

    >If you want only get rid of the message, just disable it with the "logging"
    >command or set the message 106023 to another syslog level (less priority).
    >i.e. "logging message 106023 level 7" or "no logging message <n>"

    Not so simple. The 106023 message is for every dropped packet, and I want to
    keep the other ones...

    Thanks for the help

      Lazlò

    _______________________________________________
    firewall-wizards mailing list
    firewall-wizards@honor.icsalabs.com
    http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
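
An added example, not part of the original thread: one way to separate 106023 denies that arrive within a few seconds of a connection teardown from the same peer (the late-packet case hypothesised above) from all other denies, so the latter stay visible. The log lines are constructed, the 302014 teardown message layout is an assumption about the firewall's syslog output, and `classify_denies` is a hypothetical helper name.

```python
import re
from datetime import datetime, timedelta

# Constructed sample lines (documentation addresses), not taken from the thread.
# Assumption: teardowns are logged as message 302014 in the layout shown here.
SAMPLE_LOG = """\
May 27 14:04:03 pix %PIX-6-302014: Teardown TCP connection 1201 for outside:192.0.2.10/80 to inside:10.0.0.5/3456 duration 0:00:01 bytes 5120 TCP FINs
May 27 14:04:04 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/80 dst inside:10.0.0.5/3456 by access-group "outside_in"
May 27 14:09:30 pix %PIX-4-106023: Deny tcp src outside:203.0.113.77/80 dst inside:10.0.0.5/4000 by access-group "outside_in"
May 27 14:20:00 pix %PIX-4-106023: Deny tcp src outside:192.0.2.10/80 dst inside:10.0.0.5/3456 by access-group "outside_in"
"""

TS = r"(?P<ts>\w{3} +\d+ \d\d:\d\d:\d\d)"
TEARDOWN = re.compile(TS + r".*%PIX-6-302014: Teardown TCP connection \d+ for "
                      r"\w+:(?P<peer>[\d.]+/\d+) to ")
DENY = re.compile(TS + r".*%PIX-4-106023: Deny tcp src \w+:(?P<peer>[\d.]+/\d+) dst ")


def parse_ts(ts, year=2004):
    # Syslog timestamps carry no year, so one is supplied explicitly.
    return datetime.strptime(f"{year} {ts}", "%Y %b %d %H:%M:%S")


def classify_denies(log_text, window_seconds=5):
    """Return (late, other): denies shortly after a teardown from that peer, and the rest."""
    window = timedelta(seconds=window_seconds)
    last_teardown = {}  # peer "ip/port" -> time of most recent teardown
    late, other = [], []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            last_teardown[m["peer"]] = parse_ts(m["ts"])
            continue
        m = DENY.search(line)
        if not m:
            continue
        # Only the remote endpoint is compared, since NAT may rewrite the inside address.
        seen = last_teardown.get(m["peer"])
        gap = parse_ts(m["ts"]) - seen if seen is not None else None
        if gap is not None and timedelta(0) <= gap <= window:
            late.append(line)
        else:
            other.append(line)
    return late, other


if __name__ == "__main__":
    late, other = classify_denies(SAMPLE_LOG)
    print(f"{len(late)} late-after-teardown denies, {len(other)} other denies")
```
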

