Re: AW: Online Banking Issues

• From: "John Tolmachoff \(Lists\)" <johnlist@xxxxxxxxxxxxxxxxxxx>
• To: "'[ISAserver.org Discussion List]'" <isalist@xxxxxxxxxxxxx>
• Date: Thu, 26 Jun 2003 09:58:54 -0700

Just tried what?

What version of IE?
What OS?
All SP and patches?

John Tolmachoff MCSE CSSA
Engineer/Consultant
eServices For You
www.eservicesforyou.com


> -----Original Message-----
> From: Jeff Sloan [mailto:jsloan@xxxxxxxxxxxx]
> Sent: Thursday, June 26, 2003 8:42 AM
> To: [ISAserver.org Discussion List]
> Subject: [isalist] Re: AW: Online Banking Issues
> 
> http://www.ISAserver.org
> 
> 
> Just tried that, it didn't work...Thanks, though.
> 
> Jeff Sloan
> Network Administrator
> Cross Oil Refining & Marketing, Inc.
> 484 E. 6th St.
> Smackover, AR 71762
> 
> Phone 870-864-8688
> Fax     870-864-8689
> Cell     870-866-9941
> 
> 
> 
> -----Original Message-----
> From: John Tolmachoff (Lists) [mailto:johnlist@xxxxxxxxxxxxxxxxxxx]
> Sent: Thursday, June 26, 2003 9:23 AM
> To: ISALists
> Subject: [isalist] Re: AW: Online Banking Issues
> 
> 
> http://www.ISAserver.org
> 
> 
> > This is what I am suspecting, and I have no problem making a registry
> > =
> change for
> > the oddball site, or a config file change if needed for the = same
> > thing,
> but for
> > national banking firms, they better get their = 'stuff' strait. They
> > still
> say they are
> > working with Microsoft to get it = fixed. I'll let the group know when
> they get it fixed,
> > and what they did = if they will tell me.
> 
> Before we shoot the site programmers, it may not be entirely there
> fault.
> 
> I still have a suspicion that it is more of a security firewall issue.
> 
> Here is my conclusion on the issue I was working on for a client a month
> ago:
> 
> "05/19/03 6:00 PM Case wrapup. It appears this issued was caused by a
> change in the way WellsFargo does a security check on the inbound
> packets. The SonicWall is set to fragment outgoing packets at 1404 to
> resovle a blackhole router issue setting up VPN with Toronto, that was
> done in December of 2001. Normally then, if the client does not discover
> the recipient MTU, the firewall will repackage the packets to the small
> size. I received more information about this from the Imail Forum group
> where one person said they are probably blocking ICMP Code 3 Type 4
> which would screw up the MTU path discovery, which would have allowed
> the client to switch automaticly to a smaller MTU size. So, by forcing
> the clients to use a MTU packet size of 1400, the outbound packets were
> never fragmented, and thereby never changed. This also requires updates
> Q810847 and Q813951 to be installed on the client."
> 
> So, if the client, or even their firewall/router, is not able to
> discover the MTU path, and the packets are fragmented at some point, the
> problem appears. This is also why the problem does not occur with
> regular websites, only SSL where there is additional overhead added to
> the packets.
> 
> John Tolmachoff MCSE CSSA
> Engineer/Consultant
> eServices For You
> www.eservicesforyou.com
> 
> 
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com No.1
> Exchange Server Resource Site: http://www.msexchange.org Windows
> Security Resource Site: http://www.windowsecurity.com/ Network Security
> Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions:
> http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> jsloan@xxxxxxxxxxxx To unsubscribe send a blank email to
> $subst('Email.Unsub')
> 
> ------------------------------------------------------
> List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist
> ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp
> ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ
> ------------------------------------------------------
> Other Internet Software Marketing Sites:
> Leading Network Software Directory: http://www.serverfiles.com
> No.1 Exchange Server Resource Site: http://www.msexchange.org
> Windows Security Resource Site: http://www.windowsecurity.com/
> Network Security Library: http://www.secinf.net/
> Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com
> ------------------------------------------------------
> You are currently subscribed to this ISAserver.org Discussion List as:
> johnlist@xxxxxxxxxxxxxxxxxxx
> To unsubscribe send a blank email to $subst('Email.Unsub')

Other related posts:

• » AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues
• » Re: AW: Online Banking Issues

1. Home
2. isalist
3. Archive
4. 06-2003

---

• » Previous by Date
• » Next by Date
• » Related Posts
• » View list details
• » Manage your subscription

---