Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 8 replies
  • Subscribers 2 subscribers
  • Views 7320 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Suspicious TCP state ?

Sn@g9l3pu5s
How do you know if Suspicious TCP state are being reject or Drop

I am seeing a lot the logs 

09:48:58  Suspicious TCP state  TCP 174.36.179.119  :  6005 ? 
209.200.9.78  :  3584 [ACK SYN]  len=40  ttl=105  tos=0x00


08:52:14  Suspicious TCP state  TCP 74.208.172.18  :  80 ?  209.200.9.78  :  1234   [ACK RST]  len=40  ttl=52 tos=0x00 

 how would i know if they were drop, reject or do UTM9 just let them pass


This thread was automatically locked due to age.
Parents
  • 0
    Hi Cirra,

    The only way I know of around 60009 is to disable "Use strict TCP session handling" in the advanced tab of the firewall. That checkbox governs the STRICT_TCP_STATE chain which 60009 is attached to.
Reply
  • 0
    Hi Cirra,

    The only way I know of around 60009 is to disable "Use strict TCP session handling" in the advanced tab of the firewall. That checkbox governs the STRICT_TCP_STATE chain which 60009 is attached to.
Children
No Data