Re: FTP over SSL fails with VPN-1/FireWall-1

Here are the log entries. I tried updating and disabling SmartDefense with the same outcome. There is an outbound FTP(21) connection to the customer, then the customer tries to connect back on the translated source port. I am going to set up some VM sessions to try to replicate the problems. I can't put these new firewalls back in because of the same IPs.

Number: 138657
Date: 22Jul2006
Time: 23:27:37
Product: VPN-1 Pro/Express
Interface: eth2
Origin: <Active_Node>
Type: Log
Action: Accept
Protocol: tcp
Service: ftp (21)
Source: <DMZ_Device>
Destination: <External_Customer>
Rule: 26
Current Rule Number: 26-Standard
Rule Name: Outbound Connect
NAT rule number: 14
NAT additional rule number: 0
Source Port: 1757
XlateSrc: <DMZ_Device_NAT>
Information: service_id: ftp

Number: 138669
Date: 22Jul2006
Time: 23:27:42
Product: SmartDefense
Interface: eth1
Origin: <Active_Node>
Type: Log
Action: Monitor Only
Protocol: tcp
Service: ftp (21)
Source: <DMZ_Device>
Destination: <External_Customer>
Source Port: 1757
Attack Name: FTP Bounce Attack
Information: The packet was modified due to a potential Bounce Attack (Telnet Options)

Number: 138726
Date: 22Jul2006
Time: 23:27:53
Product: SmartDefense
Origin: <Active_Node>
Type: Alert
Action:
Protocol: tcp
Service: ftp (21)
Source: <DMZ_Device>
Destination: <External_Customer>
Source Port: 1754
Attack Name: FTP Bounce Attack
Information: The packet was modified due to a potential Bounce Attack (Telnet Options)
Information: Total logs: 2 Suppressed logs: 1

Number: 138727
Date: 22Jul2006
Time: 23:27:53
Product: SmartDefense
Origin: <Active_Node>
Type: Alert
Action:
Protocol: tcp
Service: 1754
Source: <External_Customer>
Destination: <DMZ_Device_NAT>
Source Port: ftp (21)
Attack Name: FTP Bounce Attack
Information: The packet was modified due to a potential Bounce Attack (Telnet Options)
Information: Total logs: 4 Suppressed logs: 3

Number: 139321
Date: 22Jul2006
Time: 23:29:42
Product: SmartDefense
Origin: <Active_Node>
Type: Alert
Action:
Protocol: tcp
Service: 1757
Source: <External_Customer>
Destination: <DMZ_Device_NAT>
Source Port: ftp (21)
Attack Name: FTP Bounce Attack
Information: The packet was modified due to a potential Bounce Attack (Telnet Options)
Information: Total logs: 6 Suppressed logs: 5