This discussion has been locked.

Proxy <-> server srcport=8080 drops

I have a Sophos Console Station behind an Astaro with HA support and everything. Astaro is 10.52.2.10 and it's also running a proxy; Sophos is 10.52.2.210 and it's going through the proxy to get new software from Sophos sources. I see the following drops with the source being the Astaro and the destination being the server, with source port 8080 (while the destination is a high random port).

Besides this I see no problems with my Sophos server; however, it's flooding syslog, and when I look for something affecting the Sophos server I have to go through huge pages of syslog.

Thank you in advance.

P.S. I've also excluded this from IPS after looking at this thread
https://community.sophos.com/products/unified-threat-management/astaroorg/f/75/t/64377

but it's not it, I've excluded the Sophos server from EVERYTHING (Intrusion Protection / Anti-Portscan / Anti-DoS/Flooding TCP / Anti-DoS/Flooding UDP / Anti-DoS/Flooding ICMP) both ways (in and out).


  • I forgot to add the log entries:

      
    Jun  4 17:14:00 dalfw01 2012:06:04-17:14:00 ulogd[5529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth6" srcmac="0:1a:8c:f0:a9:66" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="8080" dstport="54615" tcpflags="RST"  
    Jun  4 17:14:02 dalfw01 2012:06:04-17:14:02 ulogd[5529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth6" srcmac="0:1a:8c:f0:a9:66" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="8080" dstport="54615" tcpflags="RST"  
    Jun  4 17:14:07 dalfw01 2012:06:04-17:14:07 ulogd[5529]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60003" outitf="eth6" srcmac="0:1a:8c:f0:a9:66" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" length="40" tos="0x00" prec="0x00" ttl="64" srcport="8080" dstport="54615" tcpflags="RST"
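Added example, not part of the original posts: one way to keep entries like the ones quoted above from burying everything else when reading syslog is to parse the `key="value"` fields of each packetfilter drop and collapse repeats of the same flow into one line with a count. The sample input is constructed from the quoted entries (shortened to the fields used, plus two made-up lines), and the function names are hypothetical.

```python
import re

# Constructed sample: the three drops quoted in the thread, shortened to the
# fields used here, plus one unrelated line and one drop for another port.
SAMPLE = '''\
Jun  4 17:14:00 dalfw01 2012:06:04-17:14:00 ulogd[5529]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" srcport="8080" dstport="54615" tcpflags="RST"
Jun  4 17:14:02 dalfw01 2012:06:04-17:14:02 ulogd[5529]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" srcport="8080" dstport="54615" tcpflags="RST"
Jun  4 17:14:07 dalfw01 2012:06:04-17:14:07 ulogd[5529]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" srcport="8080" dstport="54615" tcpflags="RST"
Jun  4 17:14:08 dalfw01 example[1]: unrelated line (constructed)
Jun  4 17:14:09 dalfw01 2012:06:04-17:14:09 ulogd[5529]: id="2001" sub="packetfilter" action="drop" fwrule="60003" srcip="10.52.2.10" dstip="10.52.2.210" proto="6" srcport="8080" dstport="54620" tcpflags="RST"
'''

KV = re.compile(r'(\w+)="([^"]*)"')
STAMP = re.compile(r'(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2}) ulogd\[\d+\]:')
FLOW_KEYS = ("fwrule", "srcip", "srcport", "dstip", "dstport", "proto", "tcpflags")

def parse_drop(line):
    """Return the key="value" fields of a packetfilter drop entry, else None."""
    m = STAMP.search(line)
    if not m:
        return None
    fields = dict(KV.findall(line[m.end():]))
    if fields.get("sub") != "packetfilter" or fields.get("action") != "drop":
        return None
    fields["time"] = m.group(1)
    return fields

def collapse(lines):
    """Group drops by flow tuple; keep a count and first/last timestamp."""
    flows = {}
    for line in lines:
        f = parse_drop(line)
        if f is None:
            continue  # not a packetfilter drop, leave it to other tooling
        key = tuple(f.get(k, "") for k in FLOW_KEYS)
        entry = flows.setdefault(key, {"count": 0, "first": f["time"]})
        entry["count"] += 1
        entry["last"] = f["time"]
    return flows

def report(flows):
    """One summary line per distinct flow, in order of first appearance."""
    return [f'{v["count"]}x fwrule={k[0]} {k[1]}:{k[2]} -> {k[3]}:{k[4]} '
            f'proto={k[5]} flags={k[6] or "-"} ({v["first"]} .. {v["last"]})'
            for k, v in flows.items()]

if __name__ == "__main__":
    print("\n".join(report(collapse(SAMPLE.splitlines()))))
```

Feeding it real log lines instead of `SAMPLE` gives one line per distinct rule, address, port and flag combination, so anything that is not the repeated port 8080 resets stands out.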