[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index] Re: [FW1] Syndefender False Positives
Sure. SynDefender may drop packets if the timeout is too short. The timeout will determine if the firewall should perform a RST to the destination. After using it, I think passive makes more sense than active since the firewall doesn't "broker" the connection request on behalf of the destination and the source. If the user is on a slow link (<56kbps), then timeouts are a usual occurrence. Also, remember HTTP traffic is really have a series of requests that could time out individually and generate false positives. Hence, the user may see a frame for a lost picture, some missing text, a dropped advertisement (darn!), etc. I think SynDefender is a good idea but there's no real control to the product other than the timeout. There needs to be more robust detection, control, analysis, and response, like an IDS product would provide. David C. Diemer, CCSA, CNE Enterprise Security Firewall Engineer Georgia Department of Administrative Services (DOAS) [email protected]>>> "John W. Booth" <[email protected]> 09/27/00 10:14AM >>> I am using the Syndefender features with FW-1. I am seeing alot drops siting rule 0 and Syndefender. Does anyone know any typical false positives for this type of behavior ? __________________________________________________ Do You Yahoo!? Send instant messages & get email alerts with Yahoo! Messenger. http://im.yahoo.com/ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================ ================================================================================ To unsubscribe from this mailing list, please see the instructions at http://www.checkpoint.com/services/mailing.html ================================================================================
|