[FW-1] Firewall-1 NG Forges SYN ACK - even with SYNdefender switched off
Hi there,

I have Firewall-1 NG Feature Pack 2 installed on a Win2K Server. Clients internally operate on a 10.0.0.X range, and the firewall has 2 interfaces: one Internal, one External. Clients are hidden behind the firewall's external address. (This is necessary due to the fact that we only have 1 usable IP address, and we are not publishing any services to the Internet.)

What I am seeing is as follows...

Client tries to telnet to an external server on a fictitious port, i.e. www.ibm.com on port 1. The client gets a connect, i.e. Client issues SYN, receives SYN ACK, and then replies with an ACK. As a result, the client thinks that it has a connection.

Having done some packet captures, I can see that Firewall-1 is actually forging the SYN ACK, and (not surprisingly) www.ibm.com is not replying on port 1 with a SYN ACK.

Firewall-1 is configured with SYNDefender turned off, both on the firewall object and under the global properties.

Do you know if this is a bug, or have I mis-configured Firewall-1 / is there a script file that can be edited?

Any feedback would be most appreciated...

Many Thanks...Rowland

Rowland Johnson
Network Consultant
[email protected]
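The comparison behind the post's conclusion can be scripted. This is an added example, not part of the original message: it flags SYN-ACKs that reach the client on the internal interface without a matching SYN-ACK from the server on the external interface. It assumes captures from both interfaces have been merged into simple records; the record layout, the function name and every address and port are constructed for illustration.

```python
from collections import namedtuple

# iface: "int" = capture on the internal interface, "ext" = external interface.
# Hypothetical record layout; real captures would be parsed into this form first.
Pkt = namedtuple("Pkt", "iface ts src sport dst dport flags")

# Constructed sample records (documentation addresses, not taken from the post).
CAPTURE = [
    # Flow A: port 1. The server never answers, yet the client sees a SYN-ACK.
    Pkt("int", 1.000, "10.0.0.5", 1025, "198.51.100.7", 1, "S"),
    Pkt("int", 1.001, "198.51.100.7", 1, "10.0.0.5", 1025, "SA"),
    Pkt("int", 1.002, "10.0.0.5", 1025, "198.51.100.7", 1, "A"),
    Pkt("ext", 1.003, "203.0.113.2", 10001, "198.51.100.7", 1, "S"),
    # Flow B: port 80. The server answers and the reply is relayed inward.
    Pkt("int", 2.000, "10.0.0.5", 1026, "198.51.100.7", 80, "S"),
    Pkt("ext", 2.001, "203.0.113.2", 10002, "198.51.100.7", 80, "S"),
    Pkt("ext", 2.050, "198.51.100.7", 80, "203.0.113.2", 10002, "SA"),
    Pkt("int", 2.051, "198.51.100.7", 80, "10.0.0.5", 1026, "SA"),
]


def locally_answered(packets, window=3.0):
    """Return (client, client_port, server, server_port) for every SYN-ACK seen
    on the internal side that has no server SYN-ACK on the external side in
    the preceding `window` seconds."""
    ext_synacks = [p for p in packets if p.iface == "ext" and p.flags == "SA"]
    suspects = []
    for p in packets:
        if p.iface != "int" or p.flags != "SA":
            continue
        # Hide NAT rewrites the client address and port, so the two captures
        # are matched on the server endpoint and on timing only. Concurrent
        # connections to the same server port would need sequence numbers too.
        relayed = any(
            e.src == p.src and e.sport == p.sport and 0 <= p.ts - e.ts <= window
            for e in ext_synacks
        )
        if not relayed:
            suspects.append((p.dst, p.dport, p.src, p.sport))
    return suspects


if __name__ == "__main__":
    for flow in locally_answered(CAPTURE):
        print("SYN-ACK on internal side with no server SYN-ACK outside:", flow)
```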