Full Disclosure mailing list archives
Firewall bug or not ?
From: <Michal.Grzybczyk () vattenfall pl>
Date: Thu, 23 Feb 2006 09:51:09 +0100
Hi,

I have a problem with connections through a Cisco PIX (ver. 6.3).
During a connection to a Web site, suddenly, after choosing the next page on one form, the connection was broken (Web with aspx and javascript).
Using traffic to this Web site through Checkpoint, it works. Tested from different sites where I suppose there was no PIX, and it worked!

Is it a bug on the PIX or the Checkpoint?

-------------------
In my log on PIX:

Feb 23 07:28:41 PIX-ADR %PIX-6-302013: Built outbound TCP connection 417324304 for outside: OUT-WEB-SERV /80 (OUT-WEB-SERV/80) to inside: LOCAL-PC/1154 (STATIC-IP-ON-PIX/1154)
Feb 23 07:28:41 PIX-ADR %PIX-5-304001: LOCAL-PC Accessed URL OUT-WEB-SERV:/images/px.gif
Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324304 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1154 duration 0:00:01 bytes 52 93 TCP Reset-I
Feb 23 07:28:42 PIX-ADR %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC/1154 to OUT-WEB-SERW /80 flags RST on interface inside
Feb 23 07:28:42 PIX-ADR %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC /1154 to OUT-WEB-SERW /80 flags RST on interface inside
Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324262 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1153 duration 0:00:01 bytes 45 634 TCP FINs

It looks like this Web application sends a packet with RST against FIN and then tries to resend traffic to my PC, but the PIX doesn't allow the connection, having treated the RST as just a connection reset.
Why, for example, does Checkpoint allow this connection to be kept? Any bug?

Thanks in advance!

Regards,
Michal Grzybczyk
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
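An added example, not part of the original post: a small Python correlator that pairs each %PIX-6-302014 teardown with the %PIX-6-106015 "no connection" denies logged afterwards for the same host/port pair, which is the pattern in the log above. The sample lines are constructed from that log with the line-wrap spaces removed; `correlate` and the regex names are this example's own, and it assumes both message types print the same host names.

```python
import re

# Constructed sample modelled on the log in the post (wrap artifacts removed).
SAMPLE = """\
Feb 23 07:28:41 PIX-ADR %PIX-6-302013: Built outbound TCP connection 417324304 for outside:OUT-WEB-SERV/80 (OUT-WEB-SERV/80) to inside:LOCAL-PC/1154 (STATIC-IP-ON-PIX/1154)
Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324304 for outside:OUT-WEB-SERV/80 to inside:LOCAL-PC/1154 duration 0:00:01 bytes 5293 TCP Reset-I
Feb 23 07:28:42 PIX-ADR %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC/1154 to OUT-WEB-SERV/80 flags RST on interface inside
Feb 23 07:28:42 PIX-ADR %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC/1154 to OUT-WEB-SERV/80 flags RST on interface inside
Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324262 for outside:OUT-WEB-SERV/80 to inside:LOCAL-PC/1153 duration 0:00:01 bytes 45634 TCP FINs
"""

# 302014: the trailing field is the teardown reason (e.g. "TCP FINs",
# "TCP Reset-I" = reset from the inside, "TCP Reset-O" = from the outside).
TEARDOWN = re.compile(
    r"%PIX-6-302014: Teardown TCP connection (?P<id>\d+) for "
    r"\w+:\s*(?P<a>[^\s/]+)\s*/(?P<a_port>\d+) to "
    r"\w+:\s*(?P<b>[^\s/]+)\s*/(?P<b_port>\d+) "
    r"duration \S+ bytes \d+ (?P<reason>.+)$")
# 106015: a TCP packet arrived that matches no entry in the connection table.
DENY = re.compile(
    r"%PIX-6-106015: Deny TCP \(no connection\) from (?P<src>[^\s/]+)\s*/(?P<sport>\d+) "
    r"to (?P<dst>[^\s/]+)\s*/(?P<dport>\d+) flags (?P<flags>.+?) on interface (?P<intf>\S+)")

def correlate(log_text):
    """One record per teardown, with the denies that followed it for the same endpoints."""
    closed = {}   # frozenset of (host, port) endpoints -> teardown record
    records = []
    for line in log_text.splitlines():
        m = TEARDOWN.search(line)
        if m:
            key = frozenset({(m["a"], m["a_port"]), (m["b"], m["b_port"])})
            rec = {"id": m["id"], "reason": m["reason"].strip(), "late_packets": []}
            closed[key] = rec
            records.append(rec)
            continue
        m = DENY.search(line)
        if m:
            key = frozenset({(m["src"], m["sport"]), (m["dst"], m["dport"])})
            if key in closed:  # packet for a connection the firewall already removed
                closed[key]["late_packets"].append((m["src"], m["flags"], m["intf"]))
    return records

if __name__ == "__main__":
    for rec in correlate(SAMPLE):
        print(rec["id"], rec["reason"], "late packets:", rec["late_packets"])
```

A teardown followed by late packets shows which side kept sending after the firewall dropped its state, and the teardown reason shows which side the firewall saw end the connection.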