HELLFIRE:
Re: Burned by IP INSPECT -- My Own Personal Journey

@nosx I've got the packet captures, and like I said, they definitely show a syn/synack/ack setup, then a RST packet almost immediately after. "ip inspect log-drop-packet" didn't offer much more than indicating dropping a packet with 0x5010 flags (SYN) from said PC updating JDownloader, which didn't tell a whole lot.
I don't do a whole lot of programming, and I'd THINK Java had a standard TCP/IP IO library SOMEwhere, unless like you said, the devs of JDownloader wrote their own. Anywho, the cause has been determined; how much time and effort I want to spend hunting this down is in my court now.
@aryoba Thanks for the advice, will keep it in mind. Like I said in the beginning, nearly ALL HTTP/S traffic I ever ran with CBAC on didn't have an issue; I don't think I use all possible HTTP/S connections out there, but all the typical stuff these days -- std HTTP/S pages, logins, youtube, HTTP downloads, etc. ALL played nicely EXCEPT JDownloader updates, which used an HTTP GET BUT "ip inspect http" SOMEhow thought it was not a valid setup / connection and killed the session.
said by aryoba: This is one of the reasons why I prefer to work for small companies with tight relationships across highly technical people who actually know what they are doing: networks, servers, developers. The goal is about getting things done quickly and efficiently without politics and finger pointing.

Always the goal / dream, never the reality....
Regards
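The symptom in this post (handshake completes, RST right after, and a drop log showing a 0x5010 flags word) can be triaged from the capture itself. The helper below is an added example, not code from the thread: it decodes the combined 16-bit TCP offset/flags word the way a router prints it (high nibble is the header length in 32-bit words, low bits are the flags) and flags flows where a RST follows a completed three-way handshake within a short window. The segment list is constructed to mirror the described capture.

```python
# Added example: triage helpers for "handshake completes, then RST".
from __future__ import annotations
from dataclasses import dataclass

# TCP flag bits found in the low byte of the offset/flags word
TCP_FLAGS = {0x01: "FIN", 0x02: "SYN", 0x04: "RST", 0x08: "PSH", 0x10: "ACK", 0x20: "URG"}

def decode_offset_flags(word: int) -> tuple[int, list[str]]:
    """Split a 16-bit TCP offset/flags word such as 0x5010 into
    (header length in bytes, list of flag names)."""
    offset_words = (word >> 12) & 0xF
    flags = [name for bit, name in sorted(TCP_FLAGS.items()) if word & bit]
    return offset_words * 4, flags

@dataclass
class Seg:
    t: float        # seconds since capture start
    src: str        # "client" or "server"
    flags: set[str]

def find_post_handshake_rst(segs, window=0.2):
    """Return (handshake_done_at, rst_at, rst_from) if a RST arrives within
    `window` seconds of the three-way handshake completing, else None."""
    state, done_at = 0, None
    for s in sorted(segs, key=lambda x: x.t):
        if state == 0 and s.src == "client" and s.flags == {"SYN"}:
            state = 1
        elif state == 1 and s.src == "server" and s.flags == {"SYN", "ACK"}:
            state = 2
        elif state == 2 and s.src == "client" and "ACK" in s.flags and "SYN" not in s.flags:
            state, done_at = 3, s.t
        elif state == 3 and "RST" in s.flags:
            return (done_at, s.t, s.src) if s.t - done_at <= window else None
    return None

# Constructed sample flow: handshake, the HTTP GET, then an immediate RST.
SAMPLE = [
    Seg(0.000, "client", {"SYN"}),
    Seg(0.021, "server", {"SYN", "ACK"}),
    Seg(0.022, "client", {"ACK"}),
    Seg(0.023, "client", {"PSH", "ACK"}),   # the HTTP GET
    Seg(0.041, "server", {"RST"}),          # session torn down right after
]

if __name__ == "__main__":
    print(decode_offset_flags(0x5010))      # (20, ['ACK'])
    print(find_post_handshake_rst(SAMPLE))  # (0.022, 0.041, 'server')
```

The RST's source side tells you which direction the teardown was injected from, which is the first thing to compare against the inspect log timestamps.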
aryoba:
said by HELLFIRE: @aryoba Thanks for the advice, will keep it in mind. Like I said in the beginning, nearly ALL HTTP/S traffic I ever ran with CBAC on didn't have an issue; I don't think I use all possible HTTP/S connections out there, but all the typical stuff these days -- std HTTP/S pages, logins, youtube, HTTP downloads, etc. ALL played nicely EXCEPT JDownloader updates, which used an HTTP GET BUT "ip inspect http" SOMEhow thought it was not a valid setup / connection and killed the session.

This is not the first time some "legitimate" HTTP/HTTPS application gets zapped. It is possible that the application does not employ a standard RFC somewhere, hence the zapper sees it as illegitimate traffic to zap. It is then about tuning the zapping level in addition to using the trusted/proven zapping method and/or appliance.
aryoba (reply to HELLFIRE):
said by HELLFIRE: said by aryoba: This is one of the reasons why I prefer to work for small companies with tight relationships across highly technical people who actually know what they are doing: networks, servers, developers. The goal is about getting things done quickly and efficiently without politics and finger pointing. Always the goal / dream, never the reality....

In today's struggling economy, it has been more difficult to find such a company. From my experience, you simply have to be willing to learn anything, connect with the right social network, and keep looking for companies that will see you as an asset and not a cost. Good luck in searching.
nosx:
See, I'm the exact opposite; I won't ever work for small businesses again. The large multinational 2b-20b range is a great place. They have enough incentive to prioritize stability for existing revenue over the quest for new revenue and invest heavily in both the talent and infrastructure that make it a good place to lead. The smaller guys were always full of nepotism, cronyism and the chronic underfunding of critical infrastructure. I'd rather not work somewhere that decides to be single threaded and then calls me at 3am because something broke.
aryoba:
said by nosx: See, I'm the exact opposite; I won't ever work for small businesses again. The large multinational 2b-20b range is a great place. They have enough incentive to prioritize stability for existing revenue over the quest for new revenue and invest heavily in both the talent and infrastructure that make it a good place to lead. The smaller guys were always full of nepotism, cronyism and the chronic underfunding of critical infrastructure. I'd rather not work somewhere that decides to be single threaded and then calls me at 3am because something broke.

From my experience, basically the key is to work for a company that sees you as a regarded asset instead of a cost, regardless of the company size. Since we are in the IT business (specifically network), the company then has to be a technology-heavy-invested one that sees having a bleeding edge or most advanced network as a critical requirement from a business perspective. You will have higher visibility to management (possibly a higher level of regarded asset) as you work closer to serving the management directly (reporting directly to a CTO or CEO certainly gives such high visibility compared to reporting to some manager).

Realistically speaking, there are only a handful of companies that offer network engineering work opportunities reporting directly to a CTO or CEO. The list gets shorter when you add requirements such as big bonuses or compensation.