[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [FW1] Lots of SYN-Timeouts, why?

To: Fw-1-mailinglist@lists.us.checkpoint.com, tgue@techem.de
Subject: Re: [FW1] Lots of SYN-Timeouts, why?
From: Guillaume.SCHACHTELE@gemplus.com
Date: Wed, 6 Oct 1999 10:38:55 +0200
Sender: owner-fw-1-mailinglist@lists.us.checkpoint.com






     Hello Ralf,

     Your entries are reject with the rule 0. It's because you use the
     SYBDefender option in the Properties.

     You can tune the SYNDefender by going into the "SYNDefender Setup" tab
     into the "Properties Setup" panel under the "Policy" menu...

     There you ve got three radio-buttons for the method and a time-out.
     You can increase the time-out and then look if you have still such
     problems.

     If there is no improvement you should look to your route. Maybe one is
     not correctly done so the acknowledgement arrive after the time-out
     ended. In this case the FW-1 suppose that this is a syn attack and
     then reject the packets.

     Regards
     Guillaume.



____________________________ Séparateur Réponse ________________________________
Objet : [FW1] Lots of SYN-Timeouts, why?
Auteur :  "Ralf Günthner" <tgue@techem.de> à INTERNET
Date :    05/10/99 13:55







Hello list

Since we had our new Nokia IP440 installed there seems to be a growing number of
entries like this one:

"5Oct1999"  "12:48:10"  "daemon"  "log"  "reject"  "http"  "192.168.1.60"
"www.techem.de"  "tcp"  "0"  "1042"  ""  ""  ""  ""  " message SYN -> SYN-ACK ->
Timeout"

The source address is a remote workstation connected to our internal network via
ISDN. I already tried to use the "Fast Mode"-option for http, but my impression
was that the timeout entries even increased so I switched it off again. Maybe
because all internal addresses are HIDE-NATed behind the external interface of
the FW??

Where else could I do some fine-tuning to improve the situation?
Any hints highly appreciated

Regards
Ralf G.











================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================



 ----------------------------------------------------------------
 INFORMATION    AUTOMATIC VIRUS CHECK (GEMPLUS)   No virus known.
 ----------------------------------------------------------------






 ----------------------------------------------------------------
 INFORMATION    AUTOMATIC VIRUS CHECK (GEMPLUS)   No virus known.
 ----------------------------------------------------------------







================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================

Prev by Date: [FW1] Lucent Firewall
Next by Date: Re: [FW1] What service is udp port 31337?
Prev by thread: Re: [FW1] Lots of SYN-Timeouts, why?
Next by thread: Re: [FW1] Lots of SYN-Timeouts, why?
Index(es):
- Date
- Thread