For the last two weeks whenever I try to run an update on any of the machines in the network the Sonicwall firewall is logging an error "Probable TCP NULL scan dropped" with a source IP of the Windows Update servers, and the website never finishes loading.
I've got a server which is connected to a second internet connection. I tried it there just through lynx, and it worked. I changed the default gateway to our main internet connection and it wouldn't.
I've found a few references to this problem through Google searches, but no answers. Has anyone found a solution to this problem before.
edit: I found this
if we send a packet to a remote system in which all the flags are turned off (That is, set to NULL), then the remote system would actually not know what to do with the packet or in other words, it would not know what this packet was meant for.
You see, each flag is supposed to perform a particular function. According to the function that you wish to perform, the various TCP flags are turned on and turned off. Now, when the client sends a packet with all the flags turned off, then the server has absolutely no idea as to what it has to do with the packet or as to why the client sent the packet. If the NULL packet is directed to an open port, then the service running on that port replies with a error message. However, if the NULL packet is directed to a closed port, then the remote system replies with a RST or reset because the NULL packet it received did not contain enough information to establish a connection.
http://www.experts-exchange.com/Hardware/Networking_Hardware/Q_23007755.html
If what was said is true, why am I not having any trouble when I use another internet connection?
I ended up routing my WSUS traffic out through another internet connection that didn't have a sonicwall firewall.