Re: PIX dropping packets with source port 80

[Martin Mačok <martin.macok () underground cz>]

On Tue, May 25, 2004 at 12:44:14PM -0400, LazloCarreidas () netscape net wrote:

> We have a cluster of PIX 525. Since the upgrade of the PIX OS to
> 6.3(3), we get lots of 106023 messages, such as

> %PIX-4-106023: Deny tcp src DMZ:aaa.bbb.ccc.ddd (asite.adomain.atld)
> /80 dst inside:OurProxy/37568 by access-group "acl_DMZ"

Could you trace the TCP flags of such packets?
In which phase during the TCP connection do they appear? (after?)

> For the persons who uses the proxy, there is no issue...

Martin Mačok
IT Security Consultant
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards