
Suspicious TCP state ?

How do you know whether Suspicious TCP state packets are being rejected or dropped?

I am seeing a lot of these in the logs:

09:48:58  Suspicious TCP state  TCP 174.36.179.119  :  6005 ?  209.200.9.78  :  3584 [ACK SYN]  len=40  ttl=105  tos=0x00


08:52:14  Suspicious TCP state  TCP 74.208.172.18  :  80 ?  209.200.9.78  :  1234   [ACK RST]  len=40  ttl=52 tos=0x00 

How would I know if they were dropped, rejected, or does UTM9 just let them pass?


  • I think the question is really quite valid.

    Astaro appears to believe that "Strict TCP State" is in fact some sort of action.  It's still not clear what the meaning of this 'action' is.

    Here is a snippet from my firewall log.

    2013:09:27-22:32:59 astaro ulogd[4782]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" outitf="ppp0" srcmac="36:f7:70:70:70:30" srcip="a.b.c.d" dstip="w.x.y.z" proto="6" length="52" tos="0x00" 
    Pretty much nonsensical in terms of tracking what is happening with the packet.  Drop or not?  Who knows?
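
As an added example (not part of the thread and not vendor code), the following Python parses `key="value"` packetfilter lines in the format quoted above and separates entries whose `action` field states a verdict from those, like `strict TCP state`, where it does not. The verdict names in `VERDICTS`, the sample addresses and the `fwrule="1"` value are assumptions made for illustration.

```python
import re
from collections import Counter

# Assumption: action values that state an explicit verdict (not taken from the thread).
VERDICTS = {"drop", "reject", "accept"}

FIELD_RE = re.compile(r'(\w+)="([^"]*)"')

def parse_line(line):
    """Return the key="value" fields of one log line as a dict."""
    return dict(FIELD_RE.findall(line))

def summarize(lines):
    """Count (action, fwrule) pairs, split into explicit verdicts and unclear actions."""
    explicit, unclear = Counter(), Counter()
    for line in lines:
        fields = parse_line(line)
        if fields.get("sub") != "packetfilter":
            continue  # ignore other subsystems
        key = (fields.get("action", ""), fields.get("fwrule", ""))
        bucket = explicit if key[0].lower() in VERDICTS else unclear
        bucket[key] += 1
    return explicit, unclear

# Constructed sample lines modelled on the snippet in the thread; addresses are
# documentation ranges and fwrule="1" is a made-up rule number.
SAMPLE = [
    '2013:09:27-22:32:59 astaro ulogd[4782]: id="2012" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" '
    'outitf="ppp0" srcip="192.0.2.10" dstip="198.51.100.7" proto="6" length="52" tos="0x00"',
    '2013:09:27-22:33:02 astaro ulogd[4782]: id="2012" severity="info" sys="SecureNet" '
    'sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" '
    'outitf="ppp0" srcip="192.0.2.11" dstip="198.51.100.7" proto="6" length="40" tos="0x00"',
    '2013:09:27-22:33:05 astaro ulogd[4782]: sys="SecureNet" sub="packetfilter" '
    'name="Packet dropped" action="drop" fwrule="1" srcip="192.0.2.12" dstip="198.51.100.7"',
    '2013:09:27-22:33:07 astaro httpproxy[1234]: sub="http" action="pass" srcip="192.0.2.13"',
]

if __name__ == "__main__":
    explicit, unclear = summarize(SAMPLE)
    for (action, rule), count in unclear.most_common():
        print(f"no explicit verdict: action={action!r} fwrule={rule} count={count}")
    for (action, rule), count in explicit.most_common():
        print(f"explicit verdict:    action={action!r} fwrule={rule} count={count}")
```

The tally only reports what the log line itself says; confirming what actually happened to a packet still requires evidence outside this field, such as a capture on the far side of the firewall.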