Re: ISP Redundancy Configuration



What you describe is exactly what happens!
Do you have any idea how I can fix this problem? I'm working with
Check Point R60 on SecurePlatform. I tried applying HFA04 but it
didn't work.
So if you have any suggestions I'll be very thankful.
Regards,
Daniel

Default User wrote:

On 5 Jan 2007 04:05:13 -0800, "Daniel" <daalmeida@xxxxxxxxx> wrote:

Hi guys!!!!

I really need your help!!!!
I configured ISP Redundancy and now I have problems with SMTP
traffic. I got some logs and saw that the communication between the
mail servers has a problem increasing the ack packet, get it?
For example, when the communication starts we have the three-way handshake;
after that the end points will send an ack packet with data, so these
packets have a number to identify each other. The problem is that these
numbers of the ack packets don't increase and the communication
doesn't happen.
Can someone please help me???
Thanks a lot!!!
Daniel

      TCP A                                                 TCP B

  1.  CLOSED                                                LISTEN

  2.  SYN-SENT    --> <SEQ=100><CTL=SYN>                --> SYN-RECEIVED

  3.  ESTABLISHED <-- <SEQ=300><ACK=101><CTL=SYN,ACK>   <-- SYN-RECEIVED

  4.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK>       --> ESTABLISHED

  5.  ESTABLISHED --> <SEQ=101><ACK=301><CTL=ACK><DATA> --> ESTABLISHED

          Basic 3-Way Handshake for Connection Synchronization

                                Figure 7.

In line 2 of figure 7, TCP A begins by sending a SYN segment
indicating that it will use sequence numbers starting with sequence
number 100. In line 3, TCP B sends a SYN and acknowledges the SYN it
received from TCP A. Note that the acknowledgment field indicates TCP
B is now expecting to hear sequence 101, acknowledging the SYN which
occupied sequence 100.

At line 4, TCP A responds with an empty segment containing an ACK for
TCP B's SYN; and in line 5, TCP A sends some data. Note that the
sequence number of the segment in line 5 is the same as in line 4
because the ACK does not occupy sequence number space (if it did, we
would wind up ACKing ACK's!).
http://www.rfc-editor.org/rfc/rfc793.txt

hth
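
Added example (not part of the original posts): the RFC 793 accounting quoted above, applied to a constructed trace, to separate the normal case (a pure ACK reuses the same sequence number) from a stalled transfer in which the same data is retransmitted and never acknowledged. The names `Seg`, `consumed` and `analyze`, the 10-byte payload and the stalled trace are assumptions made for illustration; 32-bit sequence wraparound is not handled.

```python
from typing import NamedTuple, Optional

class Seg(NamedTuple):
    src: str              # "A" or "B"
    seq: int
    ack: Optional[int]    # None when the ACK flag is not set
    flags: str            # e.g. "SYN,ACK"
    length: int = 0       # payload bytes

def consumed(seg):
    """Sequence space used: payload bytes, plus 1 each for SYN and FIN.
    A bare ACK uses none, which is why lines 4 and 5 share SEQ=101."""
    f = seg.flags.split(",")
    return seg.length + ("SYN" in f) + ("FIN" in f)

def analyze(trace):
    nxt, acked, retrans = {}, {}, {}
    for i, s in enumerate(trace, 1):
        peer = "B" if s.src == "A" else "A"
        n = consumed(s)
        # Data (or SYN/FIN) sent again below the sender's next sequence number
        if n and s.src in nxt and s.seq < nxt[s.src]:
            retrans.setdefault(s.src, []).append(i)
        nxt[s.src] = max(nxt.get(s.src, s.seq), s.seq + n)
        if s.ack is not None:
            acked[peer] = max(acked.get(peer, s.ack), s.ack)
    # Stalled: a side retransmits and its peer still has not acknowledged everything
    stalled = sorted(p for p in retrans if acked.get(p, 0) < nxt[p])
    return {"next_seq": nxt, "acked": acked,
            "retransmissions": retrans, "stalled": stalled}

# Lines 2-5 of Figure 7; the 10-byte payload length is constructed.
HANDSHAKE = [
    Seg("A", 100, None, "SYN"),
    Seg("B", 300, 101, "SYN,ACK"),
    Seg("A", 101, 301, "ACK"),
    Seg("A", 101, 301, "ACK", 10),
]
# Constructed: A repeats the data segment twice and B never acknowledges it.
STALLED = HANDSHAKE + [Seg("A", 101, 301, "ACK", 10)] * 2

if __name__ == "__main__":
    for name, trace in (("handshake", HANDSHAKE), ("stalled", STALLED)):
        print(name, analyze(trace))
```

In a real capture the same distinction applies: identical SEQ on an empty ACK and the first data segment is expected, while repeated data segments with no advancing ACK from the peer point to segments or replies being lost or dropped on the path.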
