In the cisco PIX and FWSM's you can turn off the specific syslog message for it... If anyone's interested in it I can find it for you, but I have mine turned off (since there's really no need to log it when I get 30k other syslog messages every day).

-Mike

________________________________
From: Chris Buechler [mailto:cbuechler at gmail dot com]
Sent: Tue 9/26/2006 11:12 PM
Cc: m0n0wall at lists dot m0n0 dot ch
Subject: Re: [m0n0wall] LDAP over TLS: blocked packets that shouldn't be blocked

On 9/26/06, Joyce, Wesley K. <wjoyce at uvi dot edu> wrote:
> Disturbing indeed. How do other firewalls handle the "duplicate or last packets of a session"
> issue?
>

Disturbing? This is how stateful firewalls work. All stateful firewalls, commercial or open source, have the same "issue". If they let that traffic through, after the connection it was associated with is closed and out of the state table, it'd be a very disturbing gaping security hole.

All the BSD packet filters log packets dropped for this reason. I'm not familiar with other open source firewalls. Most commercial firewalls will log this the same way (the Cisco PIX firewalls I administer log a huge amount of this - many thousands of instances of this per day on a T1, and it increases proportionately for bigger pipes). I've been told that some commercial firewalls hide this to avoid support issues with the question you brought up - though I can't personally vouch for this.

-Chris

---------------------------------------------------------------------
To unsubscribe, e-mail: m0n0wall dash unsubscribe at lists dot m0n0 dot ch
For additional commands, e-mail: m0n0wall dash help at lists dot m0n0 dot ch
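As an added illustration of the state-table behaviour Chris describes (example code written for this page, not m0n0wall, pf or PIX code): a toy stateful filter creates state on a SYN, removes it once both sides have sent FIN, and then drops and logs any further packet of that flow because nothing in the table matches it. The addresses, ports and log format are constructed for the demo.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset

@dataclass
class StatefulFilter:
    table: dict = field(default_factory=dict)  # flow key -> per-flow state
    log: list = field(default_factory=list)    # constructed log lines

    @staticmethod
    def _key(p):
        # both directions of a flow map to the same state-table entry
        a, b = (p.src, p.sport), (p.dst, p.dport)
        return (a, b) if a <= b else (b, a)

    def filter(self, p):
        k = self._key(p)
        st = self.table.get(k)
        if st is None:
            if "SYN" in p.flags and "ACK" not in p.flags:
                self.table[k] = {"fin_from": set()}  # new session
                return "pass"
            # no matching state: a late or duplicate packet of a session
            # already torn down (or an unsolicited packet); dropped and logged
            self.log.append(f"block {p.src}:{p.sport} -> {p.dst}:{p.dport} "
                            f"flags={sorted(p.flags)}: no matching state")
            return "block"
        if "RST" in p.flags:
            del self.table[k]
        elif "FIN" in p.flags:
            st["fin_from"].add((p.src, p.sport))
            if len(st["fin_from"]) == 2:
                # both sides closed; real filters keep a short closing timeout
                del self.table[k]
        return "pass"

def demo():
    # constructed exchange: handshake, orderly close, then one late ACK
    C, S = ("10.0.0.5", 40123), ("192.0.2.10", 389)  # client, LDAP server
    f = StatefulFilter()
    seq = [(C, S, {"SYN"}), (S, C, {"SYN", "ACK"}), (C, S, {"ACK"}),
           (C, S, {"FIN", "ACK"}), (S, C, {"FIN", "ACK"}), (S, C, {"ACK"})]
    verdicts = [f.filter(Packet(a[0], a[1], b[0], b[1], frozenset(fl)))
                for a, b, fl in seq]
    return verdicts, f.log
```

The final ACK is the "last packet of a session" case from the subject line: it is legitimate traffic, but the filter has no state left to match it against, so it is blocked and produces exactly one log line.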