 From:  "Jewell, Michael" <mjewell at law dot umaryland dot edu>
 To:  <m0n0wall at lists dot m0n0 dot ch>
 Subject:  RE: [m0n0wall] LDAP over TLS: blocked packets that shouldn't be blocked
 Date:  Wed, 27 Sep 2006 09:07:45 -0400
In the Cisco PIX and FWSMs you can turn off the specific syslog message for it...  If anyone's
interested in it I can find it for you, but I have mine turned off (since there's really no need to
log it when I get 30k other syslog messages every day).


From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Tue 9/26/2006 11:12 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] LDAP over TLS: blocked packets that shouldn't be blocked

On 9/26/06, Joyce, Wesley K. <wjoyce at uvi dot edu> wrote:
> Disturbing indeed.  How do other firewalls handle the "duplicate or last packets of a session"

Disturbing?  This is how stateful firewalls work.  All stateful
firewalls, commercial or open source, have the same "issue".  If they
let that traffic through, after the connection it was associated with
is closed and out of the state table, it'd be a very disturbing gaping
security hole.

All the BSD packet filters log packets dropped for this reason.  I'm
not familiar with other open source firewalls.  Most commercial
firewalls will log this the same way (the Cisco PIX firewalls I
administer log a huge amount of this - many thousands of instances of
this per day on a T1, and increases proportionately for bigger pipes).
I've been told that some commercial firewalls hide this to avoid
support issues with the question you brought up - though I can't
personally vouch for this.
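The mechanism Chris describes, as an added example that is not part of either poster's message: a minimal stateful filter that tracks TCP connections in a state table, removes the entry when both sides have sent FIN, and drops (and logs) any packet that arrives with no matching state. The client's final ACK of the close handshake arrives after the entry is gone, so it is logged as a blocked packet even though nothing is wrong. The addresses, ports and packet sequence are constructed; the second function groups the log by reason, which is the defender-side alternative to switching the message off entirely as the first message suggests.

```python
from dataclasses import dataclass, field


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present: any of "SYN", "ACK", "FIN", "RST"


def _key(p):
    return (p.src, p.sport, p.dst, p.dport)


def _reverse_key(p):
    return (p.dst, p.dport, p.src, p.sport)


# Log reasons: the first is the benign noise discussed in the thread.
LATE = "no matching state (late or duplicate packet of a closed session)"
DENIED = "new connection not permitted by rules"


@dataclass
class StatefulFilter:
    allowed_new: set                              # (dst, dport) pairs that may open a connection
    states: dict = field(default_factory=dict)    # 5-tuple -> {"state": str, "fins": int}
    log: list = field(default_factory=list)       # (reason, packet) for every drop

    def process(self, p):
        """Return "pass" or "drop" for one packet, updating the state table."""
        entry = self.states.get(_key(p)) or self.states.get(_reverse_key(p))
        if entry is None:
            # Only a bare SYN to a permitted service may create new state.
            if p.flags == frozenset({"SYN"}) and (p.dst, p.dport) in self.allowed_new:
                self.states[_key(p)] = {"state": "SYN_SENT", "fins": 0}
                return "pass"
            # Everything else without state is dropped; classify why for the log.
            reason = DENIED if ("SYN" in p.flags and "ACK" not in p.flags) else LATE
            self.log.append((reason, p))
            return "drop"
        if "RST" in p.flags:
            self._close(p)                        # abortive close: state goes away at once
        elif "FIN" in p.flags:
            entry["fins"] += 1
            if entry["fins"] == 2:                # both sides have sent FIN: entry removed
                self._close(p)
        elif "SYN" in p.flags and "ACK" in p.flags:
            entry["state"] = "SYN_RECEIVED"
        elif "ACK" in p.flags and entry["state"] == "SYN_RECEIVED":
            entry["state"] = "ESTABLISHED"
        return "pass"

    def _close(self, p):
        self.states.pop(_key(p), None)
        self.states.pop(_reverse_key(p), None)


def summarize(log):
    """Count dropped packets per reason so late-close noise can be told apart from real denials."""
    counts = {}
    for reason, _ in log:
        counts[reason] = counts.get(reason, 0) + 1
    return counts


def run_close_scenario():
    # Constructed hosts: a client talking LDAPS (636/tcp) to a directory server.
    fw = StatefulFilter(allowed_new={("10.0.0.5", 636)})
    c, s = ("192.0.2.10", 51000), ("10.0.0.5", 636)

    def pkt(a, b, *flags):
        return Packet(a[0], a[1], b[0], b[1], frozenset(flags))

    sequence = [
        pkt(c, s, "SYN"), pkt(s, c, "SYN", "ACK"), pkt(c, s, "ACK"),   # three-way handshake
        pkt(c, s, "FIN", "ACK"), pkt(s, c, "FIN", "ACK"),               # both sides close; state removed
        pkt(c, s, "ACK"),                                               # final ACK arrives after removal
        Packet("198.51.100.7", 40000, "10.0.0.5", 23, frozenset({"SYN"})),  # unsolicited SYN to telnet
    ]
    verdicts = [fw.process(p) for p in sequence]
    return {"verdicts": verdicts, "summary": summarize(fw.log), "open_states": len(fw.states)}


if __name__ == "__main__":
    result = run_close_scenario()
    print(result["verdicts"])
    for reason, n in result["summary"].items():
        print(f"{n} x {reason}")
```

Running it shows five passed packets, then two drops: the client's final ACK (logged with the "no matching state" reason) and the unsolicited SYN (logged as a rule denial). Filtering on the reason string, rather than muting the message, keeps the second kind visible while the first can be discarded or sampled.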

