In some mail from Ofir Arkin, sie said:
>
> I will try to focus more on the subject.
>
> FW-1 do accept: ACK, SYN-ACK, NULL, FIN-ACK (and more) as valid
> traffic if they match the rule base, even if no connection establishment
> was in progress and no session state was in the firewalls table.
[...]

FW-1's behaviour in this respect has been discussed at length in the past
and last year a patch was released by them for their base INSPECT code
which changed the behaviour to not be this way.

A patch, which fixes this problem, was made available due to DoS problems.
I believe this URL will help you:

http://www.checkpoint.com/techsupport/alerts/ackdos.html

Darren
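The difference between the two behaviours discussed in this message, as an added example that is not part of the original post and is not Check Point's INSPECT code: a generic model of a filter that accepts any rule-matching TCP packet versus one that requires state-table membership for everything except a bare SYN. The addresses, the rule base and the `require_state` switch are constructed for illustration.

```python
from collections import namedtuple

# flags is a frozenset of TCP flag names; an empty set is a NULL packet.
Pkt = namedtuple("Pkt", "src sport dst dport flags")

ALLOWED = {("10.0.0.5", 80)}          # constructed rule base: permitted (dst, dport)

def rule_match(p):
    return (p.dst, p.dport) in ALLOWED

def inspect(p, state, require_state):
    """Return True if the packet is passed, False if dropped."""
    fwd = (p.src, p.sport, p.dst, p.dport)
    rev = (p.dst, p.dport, p.src, p.sport)
    if fwd in state or rev in state:
        return True                   # belongs to a tracked connection
    if not rule_match(p):
        return False
    if p.flags == frozenset({"SYN"}):
        state.add(fwd)                # only a bare SYN may open a connection
        return True
    # Rule-matching, non-SYN packet with no state entry:
    # passed by the rule-match-only model, dropped by the strict model.
    return not require_state

def run(packets, require_state):
    state = set()
    return [inspect(p, state, require_state) for p in packets]

def f(*names):
    return frozenset(names)

# Constructed trace: one legitimate handshake, then four out-of-state packets.
TRACE = [
    Pkt("192.0.2.10", 40000, "10.0.0.5", 80, f("SYN")),
    Pkt("10.0.0.5", 80, "192.0.2.10", 40000, f("SYN", "ACK")),
    Pkt("192.0.2.10", 40000, "10.0.0.5", 80, f("ACK")),
    Pkt("198.51.100.7", 5555, "10.0.0.5", 80, f("ACK")),
    Pkt("198.51.100.7", 5555, "10.0.0.5", 80, f("SYN", "ACK")),
    Pkt("198.51.100.7", 5555, "10.0.0.5", 80, f()),            # NULL
    Pkt("198.51.100.7", 5555, "10.0.0.5", 80, f("FIN", "ACK")),
]

if __name__ == "__main__":
    for label, strict in (("rule match only", False), ("state required", True)):
        print(label, run(TRACE, strict))
```

In the strict model the handshake still passes, while the four packets that have no state entry are dropped instead of being forwarded to the protected host.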
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 15:29:36 PDT