Hi All
For the last couple of days, I getting- on the top blocked services- HTTP trafic as the highest blocked service
TOP10 dropped services
Total dropped packets: 25 315
Top Service Name Protocol Service Packets % of total
1 HTTP TCP 80 16 693 65.94 %
2 NETBIOS-DGM UDP 138 318 1.26 %
3 T8C0 ICMP t8c0 271 1.07 %
4 EPMAP TCP 135 271 1.07 %
5 T11C0 ICMP t11c0 220 0.87 %
6 MICROSOFT-DS TCP 445 197 0.78 %
7 UDP 5351 128 0.51 %
8 REMOTE-WINSOCK TCP 1745 127 0.50 %
9 H263-VIDEO UDP 2979 105 0.41 %
10 IRDMI TCP 8000 96 0.38 %
I think that HTTP is blocked as the handshake is not correct. I have multiple entries on the packet filter where the start of the handshake is [ACK FIN] and therefore dropped. I remember a user complaining about the same issue not a long ago. (I've attached the pf logs for the previous days)
Can you advise on anything to look for as I don't think that's normal.The following are enabled:
Enable TCP Window scaling YES
Use strict TCP session handling NO
Validate packet length YES
Spoof protection: Normal
Thanks
This thread was automatically locked due to age.
