This sounds like you either have some sort of denial of service attack or
you have asynchronous routing going on. If it's not asynchronous routing
then it's probably a DoS attack of some sort, or somebody's got a broken IP
stack, in which case your firewall is doing exactly what it's supposed to be
doing.

If it's asynchronous routing then you need to check the routing in between
the firewall and the host. I've seen boxes with interfaces on 2 networks
receiving packets from one interface and sending from the other.

Hope this helps.
GP
-----Original Message-----
From: Jason Cameron [mailto:jasonc AT FIN-X DOT COM]
Sent: 26 February 2004 06:46
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Subject: [FW-1]
Hi all,

I seem to have a lot of entries of the following type in my logs:

TCP packet out of state: First packet isn't SYN
tcp_flags: FIN-ACK

I wonder about the security risk of disabling the option "Drop out of
State TCP Packets". I understand that if I disable the option, the
packet received which is out of state will then just be compared against
the rulebase. I have been advised not to disable it.

I need to understand what risks there are in disabling this feature, as
the traffic that we receive is via a network which sends messages
at different intervals in a day, and then we get the above message in the
logs.

However, I also have a network connected to the internet, so I don't want
to make changes globally that will be a risk.

Please advise
=================================================
To set vacation, Out-Of-Office, or away messages,
send an email to LISTSERV AT amadeus.us.checkpoint DOT com
in the BODY of the email add:
set fw-1-mailinglist nomail
=================================================
To unsubscribe from this mailing list,
please see the instructions at
http://www.checkpoint.com/services/mailing.html
=================================================
If you have any questions on how to change your
subscription options, email
fw-1-owner AT ts.checkpoint DOT com
=================================================
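
The behaviour discussed in the thread, as an added example that is not part of the original messages and is not Check Point's code: a simplified model of a state table with a `drop_out_of_state` switch, showing what happens to a FIN-ACK when the firewall never saw the SYN (the routing case the reply describes). The class names, addresses and the single-port "rulebase" are constructed for illustration.

```python
# Simplified model of stateful TCP inspection; not Check Point's implementation.
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    flags: frozenset  # e.g. frozenset({"FIN", "ACK"})

def conn_key(p):
    # Direction-independent key so replies match the entry the SYN created.
    return frozenset({(p.src, p.sport), (p.dst, p.dport)})

@dataclass
class Firewall:
    allowed_dports: set               # constructed stand-in for the rulebase
    drop_out_of_state: bool = True    # models the option asked about in the thread
    table: set = field(default_factory=set)

    def inspect(self, p):
        key = conn_key(p)
        if key in self.table:
            return "accept (established)"
        is_syn = p.flags == frozenset({"SYN"})
        if not is_syn and self.drop_out_of_state:
            return "drop: First packet isn't SYN"
        # A SYN, or any packet once the option is off, is matched on the rulebase.
        if p.dport in self.allowed_dports:
            if is_syn:
                self.table.add(key)
            return "accept (rulebase)"
        return "drop (rulebase)"

def demo():
    # Constructed sample packets (documentation/private addresses).
    syn = Packet("10.1.1.5", "192.0.2.10", 40000, 443, frozenset({"SYN"}))
    fin = Packet("10.1.1.5", "192.0.2.10", 40000, 443, frozenset({"FIN", "ACK"}))
    normal = Firewall({443})
    symmetric = [normal.inspect(syn), normal.inspect(fin)]
    # The SYN took another path, so this firewall has no entry for the connection.
    unseen_strict = Firewall({443}).inspect(fin)
    unseen_loose = Firewall({443}, drop_out_of_state=False).inspect(fin)
    return symmetric, unseen_strict, unseen_loose
```

With the switch off, the stray FIN-ACK is accepted purely because the rulebase permits the port, which is the exposure to weigh on an internet-facing interface.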