I am not sure about the Pix, but Checkpoint running on Solaris or NT could have different timeout values based on the OS. Also the administrator could have modified the setting, I know when we build firewalls, we modify the OS config to reduce the timeout in order to reduce number of concurrent connections. Thanks, Scott Davis Internet Security Specialist T.Rowe Price (410) 345-3153 Work -----Original Message----- From: Mr.P.Taylor [mailto:petert@imagine-sw.com] Sent: Wednesday, May 30, 2001 4:47 PM To: PEN-TESTat_private Subject: identifying if checkpoint uses a 60sec timeout for establishing a 3way and PIX uses a 300sec timeout (which seems too large but it's all the info I could find on it) and Gauntlet uses ??? could you not just send the intial syn wait the timeout value then try to complete the handshake? After exceeding the timeout value would the socket not be closed and would you not get a RST back thus identifying by timeout?
This archive was generated by hypermail 2b30 : Thu May 31 2001 - 19:21:55 PDT