Message-ID: <F1841610834A3D42B88F7945D0DC79B0EF00@mxmbpl02>
Date: Thu Feb 23 12:18:43 2006
From: Michal.Grzybczyk at vattenfall.pl (Michal.Grzybczyk@...tenfall.pl)
Subject: Firewall bug or not ?

Hi,

I have a problem with connections through a Cisco PIX (ver. 6.3).

During a connection to a Web site, suddenly, after choosing the next page on one form, the connection was broken. (Web with aspx and javascript.)

When traffic to this Web site goes through Checkpoint, it works. I tested from different sites where I suppose there was no PIX, and it worked!

Is it a bug on PIX or Checkpoint?

 

-------------------

In my log on PIX:

Feb 23 07:28:41 PIX-ADR %PIX-6-302013: Built outbound TCP connection 417324304 for outside: OUT-WEB-SERV /80 (OUT-WEB-SERV/80) to inside: LOCAL-PC/1154 (STATIC-IP-ON-PIX/1154)

Feb 23 07:28:41 PIX-ADR %PIX-5-304001: LOCAL-PC  Accessed URL OUT-WEB-SERV:/images/px.gif

Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324304 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1154 duration 0:00:01 bytes 5293 TCP Reset-I

Feb 23 07:28:42 PIX-ADR  %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC/1154 to OUT-WEB-SERW /80 flags RST  on interface inside

Feb 23 07:28:42 PIX-ADR  %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC /1154 to OUT-WEB-SERW /80 flags RST  on interface inside

Feb 23 07:28:42 PIX-ADR  %PIX-6-302014: Teardown TCP connection 417324262 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1153 duration 0:00:01 bytes 45634 TCP FINs

 

 

 

It looks like this Web application sends a packet with RST against FIN and then tries to resend traffic to my PC, but the PIX doesn't allow the connection, treating the RST as just a connection reset.

Why, for example, does Checkpoint allow this connection to be kept?

Any bug?

Thanks in advance!

 

 

Regards,

Michal Grzybczyk
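
The log quoted in this message can be checked mechanically. The following is an added example, not part of the original post: it parses the 302014 teardown and 106015 deny records and counts, per connection, the packets the PIX dropped after it had removed the state entry. The `correlate` function and its record fields are assumptions of this example, and the sample input is the post's log with the mail-wrapped lines rejoined.

```python
import re

# Constructed input: the log lines from the post, with mail-wrapped lines rejoined.
SAMPLE_LOG = """\
Feb 23 07:28:41 PIX-ADR %PIX-6-302013: Built outbound TCP connection 417324304 for outside: OUT-WEB-SERV /80 (OUT-WEB-SERV/80) to inside: LOCAL-PC/1154 (STATIC-IP-ON-PIX/1154)
Feb 23 07:28:41 PIX-ADR %PIX-5-304001: LOCAL-PC  Accessed URL OUT-WEB-SERV:/images/px.gif
Feb 23 07:28:42 PIX-ADR %PIX-6-302014: Teardown TCP connection 417324304 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1154 duration 0:00:01 bytes 5293 TCP Reset-I
Feb 23 07:28:42 PIX-ADR  %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC/1154 to OUT-WEB-SERW /80 flags RST  on interface inside
Feb 23 07:28:42 PIX-ADR  %PIX-6-106015: Deny TCP (no connection) from LOCAL-PC /1154 to OUT-WEB-SERW /80 flags RST  on interface inside
Feb 23 07:28:42 PIX-ADR  %PIX-6-302014: Teardown TCP connection 417324262 for outside: OUT-WEB-SERV/80 to inside: LOCAL-PC /1153 duration 0:00:01 bytes 45634 TCP FINs
"""

EP = r"(\S+?)\s*/(\d+)"  # host/port, tolerating the stray space before "/"
TEARDOWN = re.compile(r"%PIX-6-302014: Teardown TCP connection (\d+) for \w+:\s*" + EP +
                      r" to inside:\s*" + EP + r" duration \S+ bytes (\d+) (.+?)\s*$")
DENY = re.compile(r"%PIX-6-106015: Deny TCP \(no connection\) from " + EP +
                  r"\s+to " + EP + r" flags (.+?)\s+on interface (\S+)")


def correlate(log):
    """Return one record per 302014 teardown, with the 106015 denies that followed it."""
    records, by_inside = [], {}
    for line in log.splitlines():
        m = TEARDOWN.search(line)
        if m:
            conn, _, _, host, port, nbytes, reason = m.groups()
            rec = {"conn": conn, "inside": (host, port), "bytes": int(nbytes),
                   "reason": reason, "late_denies": 0, "late_flags": set()}
            records.append(rec)
            # Key on the inside host/port only: the outside name is spelled
            # two ways in the posted log (OUT-WEB-SERV / OUT-WEB-SERW).
            by_inside[(host, port)] = rec
            continue
        m = DENY.search(line)
        if m and m.group(6) == "inside":
            rec = by_inside.get((m.group(1), m.group(2)))
            if rec:  # packet arrived after its state entry was removed
                rec["late_denies"] += 1
                rec["late_flags"].add(m.group(5))
    return records


if __name__ == "__main__":
    for r in correlate(SAMPLE_LOG):
        print(r["conn"], r["reason"], r["late_denies"], sorted(r["late_flags"]))
```

On the posted log this reports two denied RST packets after the teardown of connection 417324304 (reason TCP Reset-I) and none after 417324262 (reason TCP FINs). In PIX teardown reasons, Reset-I denotes a reset received from the inside.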
