Firewall Wizards
mailing list archives
Re: Is it "fishy"?
From: "Stephane Nasdrovisky" <stephane.nasdrovisky () uniway be>
Date: Wed, 05 Dec 2001 08:39:34 +0100
Firewalls are not the only devices logging their (and users') activity.
You'd better have a look at your web server log and/or your IDS and/or
your network flight recorder to get the full picture on this event.
If you have some large files on your web server, this 2-hour session
could be a slow transfer.
I've seen browsers re-sending their FIN packet for half an hour
because of a Check Point FireWall-1 design flaw. I would not be too
surprised to see such packets for 2 hours.
You're the only one who could answer the question currently. You know
what's on your web server (i.e. is there some large page?).
----- Original Message -----
From: "C. K. Lung" <clung () hotmail com>
Date: Tuesday, December 4, 2001 8:54 pm
Subject: [fw-wiz] Is it "fishy"?
The firewall log shows that a host (YMCA12) has been using HTTP
accessing a web site for over 2 hours. Is it a form of "attack" or is it
normal? The time is between 10:15 am and 12:30 pm.
Any comments are much appreciated.
Thanks,
clung
_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://list.nfr.com/mailman/listinfo/firewall-wizards