[Dshield] Re: Crowder communications in 1972-80?

Frank Woodward frwoodwa at shuswap.net
Thu Mar 7 01:25:19 GMT 2002


To Peter Crowder: Peter, did you work in Terrace, BC, with a company called Crowder Communications in 1972-80?

Frank

Peter Crowder wrote:

> Hello Eric,
>
> We did have a similar problem with a client trying to access our web site
> from behind a Netscreen firewall.
>
> What you may find is that the Raptor has the SYN Flood protection still
> turned on, which is why the Netscreen is getting upset.
>
> This is enabled by default on the Raptor, and is only supposed to be used
> when a flood attack is suspected.
>
> To turn it off, go to the properties of the External Interface and in Options,
> uncheck SYN flood protection.
>
> see how you go
>
> cheers
>
> Peter Crowder
>
> Systems Engineer
> E-Secure-IT Alert Centre
> www.e-secure-it.co.nz
>
> -----Original Message-----
> From: efleckles at goodsill.com [mailto:efleckles at goodsill.com]
> Sent: Wednesday, March 06, 2002 12:31 PM
> To: list at dshield.org
> Subject: [Dshield] raptor vs. netscreen
>
> I hope this doesn't start a wwf style brawl, as can happen when one asks for
> opinions concerning certain products.  Here's the extremely brief scenario:
> I have a raptor firewall, and my client has a netscreen firewall.  He has
> been unable to send email to my firm.  We went through agonizing
> troubleshooting methods to determine why his server would/could not finalize
> the handshake.  As it turns out, raptor adds 1,000,000 to the last ack
> sequence number to force a client reset- prevents IP spoofing and other
> types of attacks.  However, netscreen uses really tight tcp/ip sequence
> checking (not very effective from what I've read, can still be hijacked by
> man-in-the-middle style attacks), and thus drops the connection when raptor
> modifies the packets.
> I have been on the phone for the last several days with both vendors, each
> stating that their method is the best, it's the other guy's fault -
> specifically netscreen states raptor's trick is non-rfc compliant, while
> symantec states that it is within the rfc bounds and all they have to do is
> turn off sequence checking on the netscreen box.  Obviously my client does
> not wish to alter his firewall configuration, and I feel very stuck as I
> would probably be the same way in his shoes.  Anybody have any thoughts on
> this?  I would love to be able to effectively convince him that my firewall
> is not being the troublemaker, and that it's a non issue to disable the
> sequence checking.
>
> TIA for all help
>
> Eric Fleckles, MCSE
> Technology Administrator
> Goodsill Anderson Quinn & Stifel
> (808)547-5821
>
> _______________________________________________
> Dshield mailing list
> Dshield at dshield.org
> To change your subscription options (or unsubscribe), see:
> http://www1.dshield.org/mailman/listinfo/list



