[9.185][BUG] Many Suspicious TCP state log entry's

I've configured for android phones a Proxy Profile with transparent scanning and no HTTPS Scan. My firewall log shows many Suspicious TCP state entry's. See following extract:
Same result if I use Lync client on my notebook with same scan Settings.


17:44:40 Suspicious TCP state TCP 

192.168.24.69 : 40437

→ 

173.194.70.188 : 5228

 

[ACK PSH] len=145 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:50 Suspicious TCP state TCP 

192.168.24.69 : 37988

→ 

173.252.79.23 : 443

 

[ACK PSH] len=245 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:52 Suspicious TCP state TCP 

192.168.24.69 : 43438

→ 

173.194.112.67 : 443

 

[ACK] len=52 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:52 Suspicious TCP state TCP 

192.168.24.69 : 42822

→ 

173.194.112.67 : 443

 

[ACK] len=52 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:52 Suspicious TCP state TCP 

192.168.24.69 : 43438

→ 

173.194.112.67 : 443

 

[ACK] len=64 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:52 Suspicious TCP state TCP 

192.168.24.69 : 42822

→ 

173.194.112.67 : 443

 

[ACK] len=64 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:52 Suspicious TCP state TCP 

192.168.24.69 : 43438

→ 

173.194.112.67 : 443

 

[ACK] len=64 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:53 Suspicious TCP state TCP 

192.168.24.69 : 40321

→ 

173.252.79.23 : 443

 

[ACK PSH] len=245 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:54 Suspicious TCP state TCP 

192.168.24.69 : 37988

→ 

173.252.79.23 : 443

 

[RST] len=40 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

17:44:54 Suspicious TCP state TCP 

192.168.24.69 : 37988

→ 

173.252.79.23 : 443

 

[RST] len=40 ttl=63 tos=0x00 srcmac=1c:7b:21:9d:7c:53 dstmac=0:15:5d:18:3:1b

The lync client disconnects the connection often if I use non https scanning. With "URL Filtering only", the client seems to work without disconnections.

regards
mod

Parents

0 mod2402 over 11 years ago

hi frank,
try following with your path.
asg:/root # rpm -e ep-mdw-9.20-138.gf30f66b.i686
asg:/root # rpm -ivh /tmp/ep-mdw-9.20-0.140519226.gefa467a.i686.rpm
Preparing... ########################################### [100%]
1:ep-mdw ########################################### [100%]
asg:/root #
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel
0 TKITFrank over 11 years ago in reply to mod2402

hi frank,
try following with your path.
asg:/root # rpm -e ep-mdw-9.20-138.gf30f66b.i686
asg:/root # rpm -ivh /tmp/ep-mdw-9.20-0.140519226.gefa467a.i686.rpm
Preparing... ########################################### [100%]
1:ep-mdw ########################################### [100%]
asg:/root #

Hi,

It does work [:)]

However I still get lots of dissconnects when using my SSL VPN portal. I connect to it via https and from there I connect via an RDP session using JAVA tunnel. The RDP session gets blocked by the packetfilter and drops.

Removing the Strict filter checks fixes the issues. So I am afraid this rpm did not solv my issue. [:(]

Best Regards,
Frank
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Reply

0 TKITFrank over 11 years ago in reply to mod2402

hi frank,
try following with your path.
asg:/root # rpm -e ep-mdw-9.20-138.gf30f66b.i686
asg:/root # rpm -ivh /tmp/ep-mdw-9.20-0.140519226.gefa467a.i686.rpm
Preparing... ########################################### [100%]
1:ep-mdw ########################################### [100%]
asg:/root #

Hi,

It does work [:)]

However I still get lots of dissconnects when using my SSL VPN portal. I connect to it via https and from there I connect via an RDP session using JAVA tunnel. The RDP session gets blocked by the packetfilter and drops.

Removing the Strict filter checks fixes the issues. So I am afraid this rpm did not solv my issue. [:(]

Best Regards,
Frank
Cancel
Vote Up 0 Vote Down

Sign in to reply

Verify Answer

Cancel

Children

No Data