Firewall Wizards mailing list archives

RE: [rapt] FTP problem - Raptor Solaris firewall and NT4 SP6 ftp servers


From: tbh1 <tbh1 () bellsouth net>
Date: Thu, 21 Sep 2000 07:07:48 -0400

Bob -

There are documented and admitted TCP stack problems with FIN packets in 6a 
(which is I assume what SP you are talking about).  I am not aware of them 
issuing a fix for this yet, but I would suspect that there will be a SP6b 
sometime soon, as this problem has been known for at least 90 days.

6 (with no a) is a huge TCP stack mess.  5 has its problems also.  4 is 
relatively clean.

Let's not get started about what a piece of crap Win2000 is behind the 
scenes.

This discussion should be aimed at Microsoft to document clearly what a 
service pack does.  Each one makes hundreds or thousands of changes, and to 
this point at least, they will not tell you what all the service pack 
changes.

Tom Hutton
eCommSecurity

-----Original Message-----
From:   Wildt, Bob [SMTP:WildtB () kochind com]
Sent:   Wednesday, September 20, 2000 11:09 AM
To:     'raptor-list () firetower com'; 'firewall-wizards () nfr net'
Cc:     Moles, Robert
Subject:        [rapt] FTP problem - Raptor Solaris firewall and NT4 SP6 ftp servers

I'm looking for anyone else that may be experiencing this problem or any
insight into it.

I have two Axent Raptor firewalls (v5.0.3 and v6.0.2 on Solaris 2.6) that
exhibit this problem.  FTP sessions initiated by the firewall to NT4 SP6
servers will often hang waiting for a data channel (port 20) FIN packet.
It appears that the FIN packet is coming out of sequence when compared to a
successful command, which causes the session to hang.  The problem is
intermittent but consistent.  It may fail on the 1st command of a session
or on a later command.  It almost always fails with 6 or 7 commands.

I have the problem only between my Raptor firewalls and NT4 service pack 6
servers (3 different NT servers so far).  One of our partners upgraded to
SP6 last weekend and ftp transfers that had been running flawlessly are now
hanging.  I don't know if this happens to all NT4 SP6 servers we connect
to, but it does seem to be a pattern.

I have been working with Axent support on this, but they are having trouble
recreating the problem.  If you can answer any of these questions, I would
appreciate a response.

1) Any other Axent Raptor users out there that are experiencing similar
problems?

2) Has anyone other than Raptor users had similar problems communicating
with NT4 SP6 servers?

3) Does anyone know of specific changes made in NT service pack 6 as
pertains to their TCP/IP stack?

Thanks.
- - - - - - - - - -
Bob Wildt
UNIX and Mainframe Systems
Koch Industries Inc.
wildtb () kochind com
316-828-6970


