Firewall Wizards mailing list archives
Re: Firewall(s) "maxed" out
From: Joseph S D Yao <jsdy () cospo osis gov>
Date: Tue, 12 Oct 1999 14:36:54 -0400 (EDT)
During the past two days, both of these firewalls became "maxed" out, for lack of a better term. Specifically, both machines had reached their maxtask limits and could no longer fork any new processes. A check of the systems revealed very large numbers of HTTP connections from individual internal client workstations. Does anyone know of some "new" browser plug-in or service pack which could be responsible for this ?? ...
Tell your users to keep JavaScript turned off when browsing the
publicly accessible Internet, especially when browsing their porn
sites. ;-} We had noticed in our firewall logs that some users
visiting sites meriting reprimand had all of a sudden blossomed dozens
within seconds. We also found out why.
Also, make sure that your users have internal domains in their
Exceptions or No-Proxy lists. Otherwise, all attempts to hit internal
Web sites will be mediated by the Web proxy.
--
Joe Yao jsdy () cospo osis gov - Joseph S. D. Yao
COSPO/OSIS Computer Support EMT-B
-----------------------------------------------------------------------
PLEASE ... send or Cc: all "COSPO/OSIS Computer Support"
mail to sys-adm () cospo osis gov
-----------------------------------------------------------------------
This message is not an official statement of COSPO policies.
Current thread:
- Firewall(s) "maxed" out Regan, Sharon (Oct 12)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)
- Re: Firewall(s) "maxed" out Johann G. Hautzinger (Oct 16)
- <Possible follow-ups>
- RE: Firewall(s) "maxed" out Regan, Sharon (Oct 16)
- RE: Firewall(s) "maxed" out JSK (Oct 18)
- Re: Firewall(s) "maxed" out Steven M. Bellovin (Oct 18)
- Re: Firewall(s) "maxed" out Joseph S D Yao (Oct 12)