The log message indicates that the packet is a TCP Reset (flag=0x4) packet. This message just indicates that a Reset packet was not expected (as Reset packets are generally used to terminate/reset a session). Could also be a case of someone forging a packet and sending the reset to screw things up or attempt to hijack a session (possible but maybe unlikely), since you'd send a Reset to one side while you jump in the middle and start talking to the other.

On Thursday, February 26, 2004 at 08:13, Jason Sopko wrote:

>I am getting a lot of these error messages in my log files on an older
>GB-1000:
>
>Feb 26 07:58:54 orpheus id=firewall time="2004-02-26 07:58:54"
>fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting
>unexpected packet" proto=25/tcp src=62.90.145.131 srcport=3389
>dst=66.207.128.61 dstport=25 interface=fxp1 flags=0x4
>
>Feb 26 07:58:54 orpheus id=firewall time="2004-02-26 07:58:54"
>fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting
>unexpected packet" proto=25/tcp src=209.195.183.177.46 srcport=3389
>dst=66.207.128.62 dstport=25 interface=fxp1 flags=0x4
>
>Feb 26 07:58:57 orpheus id=firewall time="2004-02-26 07:58:57"
>fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting
>unexpected packet" proto=25/tcp src=69.6.77.186 srcport=47162
>dst=66.207.128.62 dstport=25 interface=fxp1 flags=0x4
>
>These are legitimate packets that are inbound destined for internal mail
>servers, and should be allowed into my network. I was first alerted to
>the problem yesterday, when I was told by another sysadmin that he
>couldn't send me email, as it was being returned to him after his mail
>server gave up trying to send it to my mail server.
>
>This prompted me to review my log files, and I noticed that this
>behavior was happening over the past year and a half. There are messages
>such as these in the logs since I've installed the firewall (was
>purchased used).
>
>I'm running GB-1000 Version: 3.3.4s. The firewall seems to be working
>fine otherwise, as other mail servers connect fine, as do my mail
>servers connect fine outbound. Other services are working fine, also,
>including ssh, http, https, imap, imaps, pop3, ftp, etc. Both inbound
>and outbound. So the problem appears to be sporadic, and not from any
>specific subnet/s.
>
>Is it possible that this firewall is starting to die? If anybody can
>shed some light as to what might be happening, I would appreciate it.
>
>Thanks in advance.
>
>///Jason
>
>------------------------------------------------------
>To unsubscribe: [EMAIL PROTECTED]
>For additional commands: [EMAIL PROTECTED]
>Archive: http://archives.gnatbox.com/gb-users/
>
>

--
Paul Emerson
Global Technology Associates, Inc.   Tel: +1.407.380.0220
http://www.gta.com/   Fax: +1.407.380.6080
Email: [EMAIL PROTECTED]   Mob: +1.407.617.7818
AIM: pje1gta
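
An added example, not part of the original thread and not GTA code: a Python sketch that parses the key=value log format quoted above, decodes the `flags` bitmask, and tallies rejected packets per destination so RST-only rejects can be separated from other flag combinations. The function names are hypothetical; the sample input is the three log entries from the quoted message, unwrapped to one line each.

```python
import shlex
from collections import Counter

# TCP header flag bits, low bit first.
TCP_FLAGS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]

# The three entries quoted in the message above, one per line.
SAMPLE_LOG = '''\
Feb 26 07:58:54 orpheus id=firewall time="2004-02-26 07:58:54" fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting unexpected packet" proto=25/tcp src=62.90.145.131 srcport=3389 dst=66.207.128.61 dstport=25 interface=fxp1 flags=0x4
Feb 26 07:58:54 orpheus id=firewall time="2004-02-26 07:58:54" fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting unexpected packet" proto=25/tcp src=209.195.183.177.46 srcport=3389 dst=66.207.128.62 dstport=25 interface=fxp1 flags=0x4
Feb 26 07:58:57 orpheus id=firewall time="2004-02-26 07:58:57" fw="orpheus" pri=4 flt_type=default flt_action=block msg="Rejecting unexpected packet" proto=25/tcp src=69.6.77.186 srcport=47162 dst=66.207.128.62 dstport=25 interface=fxp1 flags=0x4
'''

def decode_flags(value):
    """Return the names of the TCP flags set in a hex string such as '0x4'."""
    bits = int(value, 16)
    return [name for mask, name in TCP_FLAGS if bits & mask]

def parse_line(line):
    """Split one log line into a dict of its key=value fields.

    shlex keeps quoted values such as msg="..." together; the leading
    syslog tokens (date, host) contain no '=' and are skipped.
    """
    fields = {}
    for token in shlex.split(line):
        key, sep, val = token.partition("=")
        if sep:
            fields[key] = val
    return fields

def summarize(log_text):
    """Count 'Rejecting unexpected packet' entries by (dst, dstport, flags)."""
    counts = Counter()
    for line in log_text.splitlines():
        f = parse_line(line)
        if f.get("msg") != "Rejecting unexpected packet" or "flags" not in f:
            continue
        flags = "+".join(decode_flags(f["flags"])) or "none"
        counts[(f.get("dst"), f.get("dstport"), flags)] += 1
    return counts

if __name__ == "__main__":
    for (dst, port, flags), n in sorted(summarize(SAMPLE_LOG).items()):
        print(f"{n:3d}  {dst}:{port}  flags={flags}")
```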
