OK, I have tried everything else; the only thing that remains is the UTM

OK, so I get disconnected from the Origin Battlefield 4 and Guild Wars 2 games after about 10 to 20 minutes of play, with either:
1) Could not Connect to EA server (1) message
2) Could not connect to GW2 message

The problem is that I have been playing those games, that is I am in the middle of playing them, and then I get kicked out and get that message.
I have disabled all the software firewalls in Windows, I have port forwarded all the ports required to the main IP that runs the games, and still nothing.
I am at an end of my leash now.
I am running Sophos UTM 2.0, whatever is the latest version, I think 2.0.11.


I have just spent $450 to run a nice Sophos UTM appliance, but if this is the issue I might as well run straight through the VERIZON FIOS connection and not have any problems.  Honestly, uptime is more important than security at this moment, since what is the point of security if you can't get anywhere?  I might as well run it unplugged.


  • I would suspect you are running v9.200-11.
    Please advise your UTM configuration, hardware mainly.

    The UTM doesn't usually kick people out or drop connections unless you have power supply or heat issues. There isn't any function in the UTM that will stop someone's use after 20 or so minutes; it really sounds like a heat issue.

    Ian
  • I'm with Ian, but it wouldn't hurt to try #1 in http://www.astaro.org/gateway-products/general-discussion/49065-rulz.html.

    Cheers - Bob


  • OK, disabled Web Protection and IDS/IPS, opened up the firewall to all ports (set the IP in DMZ), same stuff.
    Opened up the PC case of the UTM and set a giant vortex fan in front of it, pulling the air straight from the outside (however, there is a filter in front of the fan to remove any dampness); the outside temp is 34F.  Still the same stuff.

    So now I want to try the FIOS modem by itself; however, how the hell do I release the IP within the UTM?  I connected the FIOS modem, but it won't fetch a new IP from Verizon unless I release it first within the UTM.
  • OK, here is the log before the drop:

    2014:03:16-19:50:08 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:08 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:08 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:08 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:09 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:10 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="176.32.101.52" proto="6" length="279" tos="0x00" prec="0x00" ttl="63" srcport="40189" dstport="443" tcpflags="ACK PSH FIN" 
    2014:03:16-19:50:10 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:12 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:15 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:17 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:22 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:26 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:28 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="176.32.101.52" proto="6" length="279" tos="0x00" prec="0x00" ttl="63" srcport="40189" dstport="443" tcpflags="ACK PSH FIN" 
    2014:03:16-19:50:36 BeyondTheRim ulogd[7146]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:90:1a:a2:fd:17" dstmac="0:15:17:63:50:b7" srcip="195.219.192.132" dstip="74.96.82.84" proto="6" length="48" tos="0x00" prec="0x00" ttl="251" srcport="16309" dstport="7071" tcpflags="SYN" 
    2014:03:16-19:50:36 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:46 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:50:48 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="176.32.99.148" proto="6" length="311" tos="0x00" prec="0x00" ttl="63" srcport="45065" dstport="443" tcpflags="ACK PSH FIN" 
    2014:03:16-19:50:59 BeyondTheRim ulogd[7146]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcmac="f8:e4:fb:5:cb:27" dstmac="0:15:17:63:50:b6" srcip="192.168.1.2" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 
    2014:03:16-19:51:04 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="176.32.101.52" proto="6" length="279" tos="0x00" prec="0x00" ttl="63" srcport="40189" dstport="443" tcpflags="ACK PSH FIN" 
    2014:03:16-19:51:06 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:51:24 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35142" dstport="993" tcpflags="ACK PSH" 
    2014:03:16-19:51:56 BeyondTheRim ulogd[7146]: id="2001" severity="info" sys="SecureNet" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcmac="0:90:1a:a2:fd:17" dstmac="0:15:17:63:50:b7" srcip="96.231.209.1" dstip="224.0.0.1" proto="2" length="36" tos="0x00" prec="0xc0" ttl="1" 
    2014:03:16-19:52:05 BeyondTheRim ulogd[7146]: id="2012" severity="info" sys="SecureNet" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcmac="0:bb:3a:96:78:55" dstmac="0:15:17:63:50:b6" srcip="192.168.1.222" dstip="74.125.137.109" proto="6" length="83" tos="0x00" prec="0x00" ttl="63" srcport="35177" dstport="993" tcpflags="ACK PSH" 
  • Well F me sideways and call me Billy.  I guess (cross my fingers), and thanks to Balfson for suggesting it, but I guess after looking at the firewall log the culprit was "Use strict TCP session handling" in the Protocol tab.

    I am still testing it, but it's been 20 minutes without disconnect.
  • Hi, you are correct that the "strict TCP state" messages correspond with that setting.

    Barry
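
The log reading that resolved this thread, as an added example (not code from any poster or from Sophos): it parses packet filter lines in the `key="value"` format quoted above, groups `strict TCP state` hits per connection, and separates flows whose data segments keep being rejected from flows that only show late FIN/RST teardown packets. The sample lines are constructed with documentation addresses and a made-up hostname `gw`, and the `min_hits` threshold is an assumed heuristic.

```python
import re
from collections import defaultdict
from datetime import datetime

KV = re.compile(r'(\w+)="([^"]*)"')
TS = re.compile(r'^\s*(\d{4}:\d{2}:\d{2}-\d{2}:\d{2}:\d{2})\s')

# Constructed sample lines (trimmed field set, documentation IP ranges).
SAMPLE_LOG = '''\
2014:03:16-19:47:21 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.20" proto="6" length="50" srcport="57077" dstport="6112" tcpflags="ACK PSH"
2014:03:16-19:47:22 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.20" proto="6" length="50" srcport="57077" dstport="6112" tcpflags="ACK PSH"
2014:03:16-19:47:25 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.20" proto="6" length="88" srcport="57077" dstport="6112" tcpflags="ACK PSH"
2014:03:16-19:47:26 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.20" proto="6" length="50" srcport="57077" dstport="6112" tcpflags="ACK PSH"
2014:03:16-19:47:28 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.30" proto="6" length="40" srcport="57079" dstport="443" tcpflags="ACK FIN"
2014:03:16-19:47:33 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.30" proto="6" length="40" srcport="57079" dstport="443" tcpflags="ACK FIN"
2014:03:16-19:47:51 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.10" dstip="198.51.100.30" proto="6" length="40" srcport="57079" dstport="443" tcpflags="RST"
2014:03:16-19:48:23 gw ulogd[7146]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth1" srcip="203.0.113.5" dstip="203.0.113.99" proto="6" length="48" srcport="1859" dstport="445" tcpflags="SYN"
2014:03:16-19:48:54 gw ulogd[7146]: id="2001" sub="packetfilter" name="Packet dropped" action="drop" fwrule="60001" initf="eth0" srcip="192.0.2.2" dstip="224.0.0.1" proto="2" length="36"
2014:03:16-19:50:08 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.22" dstip="198.51.100.40" proto="6" length="83" srcport="35177" dstport="993" tcpflags="ACK PSH"
2014:03:16-19:50:12 gw ulogd[7146]: id="2012" sub="packetfilter" name="strict TCP state" action="strict TCP state" fwrule="60009" initf="eth0" outitf="eth1" srcip="192.0.2.22" dstip="198.51.100.40" proto="6" length="83" srcport="35177" dstport="993" tcpflags="ACK PSH"
'''


def parse_line(line):
    """Return the key="value" fields of one packet filter line, or None."""
    m = TS.match(line)
    if not m:
        return None
    rec = dict(KV.findall(line))
    if rec.get("sub") != "packetfilter":
        return None
    rec["time"] = datetime.strptime(m.group(1), "%Y:%m:%d-%H:%M:%S")
    return rec


def strict_state_flows(text):
    """Group 'strict TCP state' hits by (srcip, srcport, dstip, dstport)."""
    flows = defaultdict(
        lambda: {"hits": 0, "flags": set(), "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        # Ordinary default drops (name="Packet dropped") are skipped here.
        if rec is None or rec.get("name") != "strict TCP state":
            continue
        key = (rec["srcip"], int(rec["srcport"]),
               rec["dstip"], int(rec["dstport"]))
        flow = flows[key]
        flow["hits"] += 1
        flow["flags"].add(rec.get("tcpflags", ""))
        flow["first"] = flow["first"] or rec["time"]
        flow["last"] = rec["time"]
    return dict(flows)


def live_session_hits(flows, min_hits=3):
    """Flows where data segments (PSH, no FIN/RST) were rejected repeatedly.

    Heuristic (an assumption of this example): FIN/RST-only hits are late
    teardown packets; repeated ACK PSH hits are retransmissions on a session
    the client still considers open, which is what a user sees as a
    disconnect.
    """
    result = []
    for key, flow in flows.items():
        carries_data = any(
            "PSH" in f and "FIN" not in f and "RST" not in f
            for f in flow["flags"])
        if carries_data and flow["hits"] >= min_hits:
            span = (flow["last"] - flow["first"]).total_seconds()
            result.append((key, flow["hits"], span))
    return sorted(result, key=lambda r: -r[1])


if __name__ == "__main__":
    for key, hits, span in live_session_hits(strict_state_flows(SAMPLE_LOG)):
        print("%s:%d -> %s:%d  hits=%d over %.0fs" % (key + (hits, span)))
```
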