[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] RE: [FW1] Is this a DOS - port 36121
Jason, They are tco connection. The log entries read: Origin Action Service Src Dst Prot. Rule S_port Info. f.w.I.P drop 36121 a.b.c.d f.w.I.P tcp 4 51564 len 44 daemon reject 36121 a.b.c.d f.w.I.P tcp 0 51564 message SYNDefender warning: SYN->SYN-ACK->Timeout It doesn't seems to be the problem with the log viewer. The entries are very consistence and the patterns are very similar. The key is that what uses port 36121? Ken Lui -----Original Message----- From: Jason Witty [mailto:[email protected]] Sent: Tuesday, September 19, 2000 3:22 PM To: Ken Lui Subject: Re: [FW1] Is this a DOS - port 36121 What IP protocol shows up in the log viewer for this traffic? TCP? ICMP? UDP? ???GRE? Reason I ask is that the log viewer gets goofed up somtimes on non-TCP related protocols, and falsely reports a "port" for a protocol which has no "port" definitions. Ken Lui wrote: > > Hi all, > > We are running FW1 ver 4.1 and running inbound security servers for SMTP, > outbound HTTP and FTP. Lately, we have a lot of connection attempts coming > from internet to the external IP of our firewall using 36121 as service. In > the log file, the entries read: > > Action Service Src Dst Rule Src port Info. > drop 36121 a.b.c.d f.w.I.P 4 51564 len 44 > reject 36121 a.b.c.d f.w.I.P 0 51564 message > SYNDefender warning: SYN->SYN-ACK->Timeout > > This is usually before a SMTP connection to our inbound smtp server. > > I've check the port and it doesn't seems to related to any Trojan. Any > advice welcome. > > Ken > > ============================================================================ ==== > To unsubscribe from this mailing list, please see the instructions at > http://www.checkpoint.com/services/mailing.html > ============================================================================ ==== ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|