This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

8.200 Roku not working

after applying my ROKU stoped working and I was getting the following with Amizon Prime streaming. I had to turn off protacal handling to get amazon to start working. Netflix is also broke but don't see any blocking in the web filter or the applacation filter. It could be that netflix is down and will keep trying but amazon for sure was having issues with the protacal handler. I do have the Roku defined to bypass the web proxy and it was working just before update with 8.103
:34 Spoofed packet TCP 192.168.3.21 : 60548
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:34 Spoofed packet TCP 192.168.3.21 : 36355
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:34 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:02:37 Spoofed packet TCP 192.168.3.18 : 4089
→ 58.61.38.177 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:02:40 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:40 Spoofed packet TCP 192.168.3.21 : 60546
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:40 Spoofed packet TCP 192.168.3.21 : 60547
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:40 Spoofed packet TCP 192.168.3.21 : 60548
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:40 Spoofed packet TCP 192.168.3.21 : 36355
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:42 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:02:47 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:48 Spoofed packet TCP 192.168.3.18 : 4090
→ 58.61.38.177 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:02:48 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:02:51 Suspicious TCP state TCP 64.233.242.7 : 41967
→ 64.191.223.36 : 80
[ACK PSH FIN] len=52 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:02:51 Spoofed packet TCP 192.168.3.18 : 4090
→ 58.61.38.177 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:02:51 Spoofed packet TCP 192.168.3.21 : 60546
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:51 Spoofed packet TCP 192.168.3.21 : 60547
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:51 Spoofed packet TCP 192.168.3.21 : 60548
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:52 Spoofed packet TCP 192.168.3.21 : 36355
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:54 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:02:56 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:02:57 Spoofed packet TCP 192.168.3.18 : 4090
→ 58.61.38.177 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:03:01 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:01 Spoofed packet TCP 192.168.3.21 : 36370
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:01 Spoofed packet TCP 192.168.3.21 : 36371
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:01 Spoofed packet TCP 192.168.3.21 : 36372
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:01 Spoofed packet TCP 192.168.3.21 : 60568
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:03 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:03:03 Default DROP TCP 64.233.242.7 : 59648
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:03:04 Spoofed packet TCP 192.168.3.21 : 36370
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:04 Spoofed packet TCP 192.168.3.21 : 36371
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:04 Spoofed packet TCP 192.168.3.21 : 36372
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:04 Spoofed packet TCP 192.168.3.21 : 60568
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:06 Default DROP TCP 64.233.242.7 : 59648
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:03:08 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:08 Spoofed packet UDP 192.168.3.18 : 2556
→ 192.168.1.1 : 53
len=59 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:03:10 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:03:10 Spoofed packet TCP 192.168.3.21 : 36370
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:10 Spoofed packet TCP 192.168.3.21 : 36371
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:10 Spoofed packet TCP 192.168.3.21 : 36372
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:10 Spoofed packet TCP 192.168.3.21 : 60568
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:12 Default DROP TCP 64.233.242.7 : 59648
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:03:15 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:17 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:03:18 Spoofed packet UDP 192.168.3.18 : 2556
→ 192.168.1.1 : 53
len=59 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

20:03:22 Spoofed packet ICMP 192.168.3.21
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:22 Spoofed packet TCP 192.168.3.21 : 36370
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:22 Spoofed packet TCP 192.168.3.21 : 36371
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:22 Spoofed packet TCP 192.168.3.21 : 36372
→ 204.0.5.34 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:22 Spoofed packet TCP 192.168.3.21 : 60568
→ 204.0.5.49 : 80
[SYN] len=60 ttl=64 tos=0x00 srcmac=0[:D]:4b:7a:89:e5 dstmac=0:1a:8c:a:8c:1

20:03:24 Spoofed packet ICMP 192.168.3.12
→ 192.168.3.1
len=212 ttl=64 tos=0x00 srcmac=0[:D]:4b:5e:ec:c3 dstmac=0:1a:8c:a:8c:1

20:03:28 Spoofed packet UDP 192.168.3.18 : 2556
→ 192.168.1.1 : 53
len=59 ttl=64 tos=0x00 srcmac=7c[:D]d:90:5:2d[:D]8 dstmac=0:1a:8c:a:8c:1

This thread was automatically locked due to age.

0 MarkMurphy over 14 years ago

I am getting this in the firewall log when netflix tryes to connect with Roku. This is not good!!

20:22:32 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:22:32 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

Netflix started working but also stops with protocal handling turned on with the spoofed packets detected.

20:22:35 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:22:35 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:22:41 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:22:41 Default DROP TCP 64.233.242.7 : 55106
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:23:23 Default DROP TCP 64.233.242.7 : 55108
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:23:26 Default DROP TCP 64.233.242.7 : 55108
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:23:32 Default DROP TCP 64.233.242.7 : 55108
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:24:14 Default DROP TCP 64.233.242.7 : 55109
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:24:17 Default DROP TCP 64.233.242.7 : 55109
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c

20:24:22 Default DROP 2 172.29.255.62
→ 224.0.0.1
len=32 ttl=1 tos=0x00 srcmac=0:1:5c:31[:D]c:1 dstmac=0:11:95:29[:D]b:1c

20:24:22 Default DROP TCP 64.233.242.7 : 55109
→ 79.125.99.225 : 5260
[SYN] len=56 ttl=64 tos=0x00 srcmac=0:11:95:29[:D]b:1c
Cancel
Vote Up 0 Vote Down

Cancel
0 MarkMurphy over 14 years ago

Found another issue. I have a Samsung Focus Windows 7 phone. After update it will not pull a DHCP address after getting one for the first time through the Astaro wireless AP. Configuration is AP configured as another network 192.168.3.0/24. Phone conects gets a address but when it has to reconect it does not get the address and will not connect. Firewall is setup with DHCP and when phone tryes to connect I get this in the logs
2011:07:21-22:11:40 edge dhcpd: DHCPDISCOVER from b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:40 edge dhcpd: DHCPOFFER on 192.168.3.15 to b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:44 edge dhcpd: DHCPDISCOVER from b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:44 edge dhcpd: DHCPOFFER on 192.168.3.15 to b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:52 edge dhcpd: DHCPDISCOVER from b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:52 edge dhcpd: DHCPOFFER on 192.168.3.15 to b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:55 edge dhcpd: DHCPDISCOVER from b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:55 edge dhcpd: DHCPOFFER on 192.168.3.15 to b4:07:f9:a4:93:9a via wlan1

2011:07:21-22:11:56 edge dhcpd: DHCPDISCOVER from b4:07:f9:a4:93:9a via wlan1
Cancel
Vote Up 0 Vote Down

Cancel
0 utm_kid over 14 years ago in reply to MarkMurphy

Hi ,
There is know issuse with 8.200 with spoof can u pls try to disable spoof /spoof off in Network security>>firewall>>>Advancded
https://community.sophos.com/products/unified-threat-management/astaroorg/f/110/t/71121
thx
Cancel
Vote Up 0 Vote Down

Cancel
0 MarkMurphy over 14 years ago

yes when turned off Roku is working fine now. Will wait for the fix before turning it back on.

Thanks
Cancel
Vote Up 0 Vote Down

Cancel
0 utm_kid over 14 years ago in reply to MarkMurphy

sorry ,what is Roku ?
Cancel
Vote Up 0 Vote Down

Cancel
0 Scott_Klassen over 14 years ago

Streaming media player. Roku Streaming Player | Watch Netflix, Hulu Plus, Amazon Instant Video, Crackle and More on Roku Player

__________________
ACE v8/SCA v9.3

...still have a v5 install disk in a box somewhere.

http://xkcd.com
http://www.tedgoff.com/mb
http://www.projectcartoon.com/cartoon/1
Cancel
Vote Up 0 Vote Down

Cancel
0 utm_kid over 14 years ago in reply to Scott_Klassen

Thanks Scott Sir ,

I thought its was part of asg
Cancel
Vote Up 0 Vote Down

Cancel
0 cybermuz over 14 years ago

Just an FYI, Netflix had a major outage yesterday.
Cancel
Vote Up 0 Vote Down

Cancel