[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [FW1] Beware BLOCK INTRUDER
[ The following text is in the "iso-8859-1" character set. ]
[ Your display is set for the "US-ASCII" character set. ]
[ Some characters may be displayed incorrectly. ]
Thanks Chris. I appreciate your input and look forward to that data in your
notes. Your FW friend.
From: cbrenton [mailto:email@example.com]
Sent: Tuesday, April 06, 1999 7:55 PM
To: Toujague, Orlando
Subject: Re: [FW1] Beware BLOCK INTRUDER
On Tue, 6 Apr 1999, Toujague, Orlando wrote:
> In FW1 under active logs, there is an option called BLOCK INTRUDER which
> will allow you to cut off an active connection coming into your network.
> Sounds nifty - DON'T USE IT. I tried it in the lab and then I could not
> it off. Also, it appeared to have cut-off more than the client connection,
> even the FW could not get out.
This is the same hook used by RealSecure to make dynamic changes to the
firewall policy. It is a pretty cool tool if you need to nuke an active
session from the log viewer and do not want to take the time to create an
actual policy rule. There is a select option from the dialog box which
allows you to kill the traffic for only a specific period of time.
> I called CheckPoint on this and they said - DON'T USE IT. It's a known bug
> and they haven't been able to resolve it.
Humm. I have not used this feature "a lot" but I have it hooked in with
one RS install. I've also used it a few times on two other installs. As I
said, no worries if you set the timer.
> So how do I turn it off? They said, you must reboot.
There is an fw xxxx switch that kills this. You can not "un-nuke" a single
connection but rather must clear the entire table. You can clear the
problem without disturbing firewall operation however.
I do not have my notes with me at the moment but I can look up the
switch value if you need it.
* Multiprotocol Network Design & Troubleshooting
* Mastering Network Security
To unsubscribe from this mailing list, please see the instructions at