TMS zl Module Release Notes ST.1.1.100330
14
Software Fixes in Releases ST.1.0.090213 - ST.1.1.100330
Release ST.1.0.090603
time="2009-03-30 09:17:09" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="FW: packet with
invalid tcp flags found, packets dropped" srczone=INTERNAL
src=192.168.0.134 srcport=18155 dstzone=EXTERNAL dst=192.168.1.128
dstport=80 proto=TCP subfamid=packetheaderanomaly mtype=attack
mid=625
The log messages are no longer logged as critical. Instead the log message is displayed with
severity as warning and with the priority as 4.
■ PR_38246 — Log messages with message IDs of 685 and 651 are logged as critical when
they are not critical.
time="2009-03-25 15:51:17" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="MCAST: packet
spoof detected" srczone=INTERNAL src=10.1.70.1 srcport=0
dstzone=UNKNOWN_ZONE dst=224.0.0.1 dstport=0 proto=IGMP subf-
amid=ipspoofing mtype=attack duplicatecount=5 mid=685
time="2009-03-25 15:48:47" severity=critical pri=1
fw=ProCurve-TMS-zl-Module id=fw_l2l3_attack msg="ICMP: Duplicate
ICMP error message received, dropping packet" srczone=EXTERNAL
src=192.168.5.194 srcport=5060 dstzone=INTERNAL dst=192.168.6.194
dstport=5060 proto=UDP icmptype=3 subfamid=icmpreplayattack
mtype=attack mid=651 icmpcode=3
■ PR_38335 — Multicast firewall does not timeout IGMP related sessions properly when the
IGMP policy is deleted.
Example:
Multicast Sender (Zone1)<---> TMS <----> Multicast Receiver (INTERNAL)
1. Multicast group address 224.1.1.1 port 60.
2. Enable PIM and IGMP on both VLANs.
3. Setup an Access Policy for 224.1.1.1 port 60 from Zone1 to INTERNAL.
4. Setup an IGMP Policy.
5. Allow multicast traffic to pass.
6. Delete IGMP Policy.
Multicast Receiver can still receive traffic by sending IGMP Join messages to TMS zl Module.
■ PR_38532 — When Synflood Protection is disabled, log messages continue to be seen as if
it were enabled.
■ PR_38564 — The log message with the message ID of 648 is marked as critical should not be.