[ale] Idle Sockets vs. Firewall question

Greg Freemyer greg.freemyer at gmail.com
Fri Oct 20 12:29:32 EDT 2006


On 10/20/06, Christopher Fowler <cfowler at outpostsentinel.com> wrote:
>
> If you control the device at the other end I would tweak the
> tcp_keepalive settings in the kernel.  Maybe drop it down from 2 hours
> to 10 minutes.  I do not know if the firewalls will consider that
> traffic or not.
>
> Interesting approach.

I could likely get that adjusted in the Server.  Would that work?

(Can't say for sure we would be allowed to due to IT standards, etc.  My
client is a big company and their IT group can be very, very difficult to
work with.  When we need root level access my guys have to stand over the
shoulder of one of their people who does the actual typing.  And all such
root level work has to be submitted in advance for approval by a committee.
Fun, huh.)

FYI: The client machines are XP based and spread broadly across the country
(about 500 sites), so I'm not sure it would be reasonable to try and
reconfigure all of them.  Probably easier to update the code to add a
heartbeat and simply update the WAR file in Tomcat which in turn causes a
more or less automated re-deploy of the Java Applets to the field.

Greg
-- 
Greg Freemyer
The Norcross Group
Forensics for the 21st Century
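
Editor's added example, not part of the original message or the application discussed: the keepalive change suggested in the quoted text can also be made per socket on a Linux server, which avoids a kernel-wide sysctl change. The 60-second probe interval, the probe count of 5 and the `middlebox_idle_timeout` parameter are assumptions; only the 10-minute idle time comes from the thread.

```python
import socket

# Linux-specific option names (TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT).
# Only the 600 s idle time comes from the thread; the rest is constructed.

def effective_keepalive(sock):
    """Read the keepalive settings back from the kernel for this socket."""
    return {
        "enabled": bool(sock.getsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE)),
        "idle": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE),
        "interval": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL),
        "probes": sock.getsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT),
    }

def enable_keepalive(sock, idle=600, interval=60, probes=5):
    """Enable keepalive on one socket and override the kernel-wide timers.

    idle     -- seconds of silence before the first probe (10 minutes)
    interval -- seconds between unanswered probes (assumed value)
    probes   -- unanswered probes before the kernel drops the connection
    """
    sock.setsockopt(socket.SOL_SOCKET, socket.SO_KEEPALIVE, 1)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPIDLE, idle)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPINTVL, interval)
    sock.setsockopt(socket.IPPROTO_TCP, socket.TCP_KEEPCNT, probes)
    return effective_keepalive(sock)

def dead_peer_timeout(cfg):
    """Worst-case seconds before an unreachable peer is detected."""
    return cfg["idle"] + cfg["interval"] * cfg["probes"]

def probes_before_timeout(cfg, middlebox_idle_timeout):
    """True if the first probe goes out before a firewall's idle timer fires.

    middlebox_idle_timeout is a hypothetical input; the thread does not give
    one. This checks timing only: whether a given firewall counts keepalive
    probes as traffic is the question the thread leaves open.
    """
    return cfg["enabled"] and cfg["idle"] < middlebox_idle_timeout

if __name__ == "__main__":
    s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    print("kernel defaults:", effective_keepalive(s))
    cfg = enable_keepalive(s)
    print("per-socket     :", cfg)
    print("dead peer detected after", dead_peer_timeout(cfg), "s at worst")
    print("probe before a 3600 s idle timer:", probes_before_timeout(cfg, 3600))
    s.close()
```

Reading the values back with `getsockopt` confirms what the kernel actually applied to the socket, independent of the system-wide `tcp_keepalive_*` settings.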