[FW-1] SSH/SmartDefense problems

Subject: [FW-1] SSH/SmartDefense problems
From: Larry Parmelee <parmelee AT CS.CORNELL DOT EDU>
To: FW-1-MAILINGLIST AT AMADEUS.US.CHECKPOINT DOT COM
Date: Thu, 27 Jul 2006 13:47:57 -0400
Anyone seeing problems with the SmartDefense CPAI-2006-069
check for "Block Malformed Key Exchange Init Message"?

Our enforcement module is SPlat Pro NGX R60/HFA03 (Checkpoint
Enterprise Pro with Firewall, VPN, SecureXL, multiple CPUs)

With this defense set to block, a lot of our (mainly Windows-based?)
users are seeing problems with their SSH connection attempts.

Some report seeing about a quarter of the connection attempts
fail immediately, the rest work at least initially.  There have
also been reports of connections that work for a while, 5-10
minutes, and then break.

As far as I can tell, this is mainly (or only?) affecting folks
coming from Windows boxes.  The SSH.com client and CYGWIN
as an ssh client have been reported as having problems.  However,
I'm told "Putty" appears to work fine.  Linux boxes (with openssh)
also seem to be fine.

Everyone seems to agree that switching this defense to
"Monitor Only" has solved the problem.

Thanks
-Larry
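Added example, not from the list post and not Check Point code: a small parser for the SSH_MSG_KEXINIT payload as laid out in RFC 4253 section 7.1, which reports the first structural defect it finds. Run over the first key-exchange packet of a failing client's session, it lets you tell a genuinely malformed KEXINIT from an IPS false positive; the sample payload below is constructed, not captured.

```python
import struct

SSH_MSG_KEXINIT = 20
NAME_LIST_FIELDS = [  # the ten name-lists, in wire order (RFC 4253 section 7.1)
    "kex_algorithms", "server_host_key_algorithms", "encryption_c2s", "encryption_s2c",
    "mac_c2s", "mac_s2c", "compression_c2s", "compression_s2c", "languages_c2s", "languages_s2c"]

def parse_kexinit(payload: bytes) -> dict:
    """Decode a KEXINIT payload (packet length, padding and MAC already stripped); raises ValueError on the first defect."""
    if len(payload) < 17 or payload[0] != SSH_MSG_KEXINIT:
        raise ValueError("not a KEXINIT message")
    fields, off = {"cookie": payload[1:17]}, 17  # type byte + 16-byte random cookie
    for name in NAME_LIST_FIELDS:
        if off + 4 > len(payload):
            raise ValueError(f"truncated before length of {name}")
        length, off = struct.unpack_from(">I", payload, off)[0], off + 4
        if off + length > len(payload):
            raise ValueError(f"name-list {name} length {length} runs past payload")
        raw, off = payload[off:off + length], off + length
        if not all(0x20 < b < 0x7F for b in raw):  # printable US-ASCII, no whitespace
            raise ValueError(f"non-ASCII byte in {name}")
        names = raw.decode("ascii").split(",") if raw else []
        if "" in names:
            raise ValueError(f"empty name in {name}")
        fields[name] = names
    if off + 5 != len(payload):  # boolean + reserved uint32 must end the payload
        raise ValueError(f"expected 5 trailing bytes, found {len(payload) - off}")
    fields["first_kex_packet_follows"] = payload[off] != 0
    if struct.unpack_from(">I", payload, off + 1)[0] != 0:
        raise ValueError("reserved field is not zero")
    return fields

def kexinit_defect(payload: bytes):
    # None for a well-formed KEXINIT, otherwise a description of the defect
    try:
        parse_kexinit(payload)
        return None
    except ValueError as exc:
        return str(exc)

def encode_name_list(names) -> bytes:
    data = ",".join(names).encode("ascii")
    return struct.pack(">I", len(data)) + data

# Constructed sample resembling a 2006-era client offer; not a captured packet.
SAMPLE_KEXINIT = (bytes([SSH_MSG_KEXINIT]) + bytes(range(16)) + b"".join(map(encode_name_list, [
    ["diffie-hellman-group14-sha1", "diffie-hellman-group1-sha1"], ["ssh-rsa", "ssh-dss"],
    ["aes128-cbc", "3des-cbc"], ["aes128-cbc", "3des-cbc"], ["hmac-sha1"], ["hmac-sha1"],
    ["none"], ["none"], [], []])) + b"\x00" + b"\x00\x00\x00\x00")
```

Feed it the decrypted payload only (the binary packet framing of RFC 4253 section 6 is not handled here); an inspection device that rejects a payload this parser accepts is the false-positive case worth reporting.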
