Re: [FW1] tcp-echo reply question

[Joe Matusiewicz <joem@nist.gov>]

This has been discussed on the firewalls mailing list.  Doubleclick uses 
something called Global Dispatch, which is a utility that measures network 
latency.  The destination it targets is usually your dns servers.  They 
claim the purpose of the software makes it easy to place content close to 
geographically dispersed users and intelligently directs requests
to the best-suited Point of Presence (POP).  I don't see them trying to 
hammer our servers; I do see about 8 drops from them on tcp port 7 every 
once in a while.

What IDS software are you using that gave you that TCP SYN/SCAn report?


-- Joe



At 01:42 PM 10/5/99 -0600, Tige Richardson wrote:

>Hi,
>
>Perhaps someone on this list can help me...For the past few months I have 
>been
>experiencing the following output from one of our firewall logs...what
>specifically is echo-tcp and why is it banging against our 
>firewall?  Queries to
>the intruding domain have gone unanswered...the echo-tcp request is 
>hammering an
>external ftp server in our DMZ that is directly attached to our firewall-1
>server.
>
>Any advice or experience with this service and how to stop this would be
>appreciated...For security reasons, I have truncated the destination IP 
>address
>in the logs below.
>
>Thanks,
>
>trichard

  


================================================================================
     To unsubscribe from this mailing list, please see the instructions at
               http://www.checkpoint.com/services/mailing.html
================================================================================