On 6 May 2001, at 22:36, Nazila Mofrad wrote:
> May 6 17:57:40 PIX %PIX-6-302001: Built outbound TCP connection 4638593 for
> faddr INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394
> May 6 17:57:40 PIX %PIX-6-302002: Teardown TCP connection 4638593 faddr
> INTERNET-HOST/80 gaddr MY-SERVER/2394 laddr MY-SERVER/2394 duration 0:00:00
> bytes 0 (TCP Reset-I)
> May 6 17:57:43 PIX %PIX-6-106015: Deny TCP (no connection) from
> INTERNET-HOST/80 to MY-SERVER/2394 flags RST
> The question is the meaning of the last entry. If the incoming packets to my
> server do not pass through PIX (which surely do not), which incoming packet
> (with RST Bit on) is denied by PIX?
If I'm not mistaken (it's first thing Monday morning so I probably am!) these 3
log lines represent:
1. Outbound connection built through PIX from MY-SERVER port 2394 to
INTERNET-HOST port 80
2. Connection teardown almost immediately by PIX for MY-SERVER (the
TCP Reset-I)
3. Incoming RST packet from INTERNET-HOST for closing of connection is
denied as connection has already been closed.
I'm guessing that the INTERNET-HOST has sent a RST packet back, MY-
SERVER has closed down the connection, the PIX has cleared the
connection mapping, but for some reason INTERNET-HOST has resent the
RST packet as it did not receive a complete connection close sequence from
MY-SERVER. Could be software on MY-SERVER playing up, difficult to tell
from this.
Dan
---
D.C. Crichton email: [EMAIL PROTECTED]
Senior Systems Analyst tel: +44 (0)121 706 6000
Computer Manuals Ltd. fax: +44 (0)121 606 0477
Computer book info on the web:
http://computer-manuals.co.uk/
Want to earn money? Join our affiliate network!
http://computer-manuals.co.uk/affiliate/
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
