Solved

I don't understand this log entry. Can someone explain step by step?

Posted on 2008-10-03
Last Modified: 2012-08-14
I pulled this log from my firewall. I'd really like to know what it means. I also took the diagram from robtek.com
*** denotes changes made for security reasons

FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31" proto=6- tcp packet - Source:=209.85.171.127 - Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - [RST packet with out of range ACK number detected Src 80 Dst 1275 from WAN n/w]


It (source) appears to be some back-end Google server... idk
netdiag.bmp
Question by:crazystoo
1 Comment

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22648554


Your firewall does stateful inspection, which in this case means that the firewall inspects the flows (TCP in this case) to ensure expected communications between endpoints of the flow (in this case an internal system and a Google system on the outside) send and receive what is expected.

One thing the firewall inspects is the acknowledgment numbers in the TCP segment; the sender receives acknowledgments from the receiver to verify receipt of data sent. Your firewall has detected that a TCP reset was sent with a sequence number out of the range of expected values for the particular flow. Looks like someone on the inside of your network was surfing on Google and the Google server sent a reset to your internal system to terminate the flow; typically this is because something was wrong with the flow and the server wanted to start over, more or less. Your firewall noticed that the acknowledgment number was not the expected value; perhaps that's why the Google server wanted to reset: the two systems were not in sync.

harbor235 ;}  
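
The kind of check described in the answer above, modelled as an added example (not part of the original thread and not the firewall vendor's code): the firewall remembers how much data the inside host has sent on a flow and rejects an inbound RST whose ACK number falls outside that range. The `Flow` class, `in_window` helper, verdict strings and sample numbers are assumptions made for illustration; a real product applies further checks.

```python
"""Simplified model of a stateful ACK-range check on inbound RST segments."""
from dataclasses import dataclass

MOD = 2 ** 32  # TCP sequence/ACK numbers are 32-bit and wrap around


def in_window(value: int, low: int, high: int) -> bool:
    """True if value lies in [low, high] on the 32-bit sequence circle."""
    return (value - low) % MOD <= (high - low) % MOD


@dataclass
class Flow:
    """State kept per connection for the inside host's send direction."""
    snd_una: int  # oldest byte sent by the inside host not yet acknowledged
    snd_nxt: int  # next sequence number the inside host will use

    def on_outbound(self, seq: int, payload_len: int) -> None:
        """Inside host sent data: advance the highest sequence number seen."""
        end = (seq + payload_len) % MOD
        if in_window(end, self.snd_nxt, (self.snd_nxt + MOD // 2) % MOD):
            self.snd_nxt = end

    def on_inbound(self, flags: set, ack: int) -> str:
        """Classify a segment arriving from the outside endpoint."""
        if "ACK" in flags and not in_window(ack, self.snd_una, self.snd_nxt):
            kind = "RST packet" if "RST" in flags else "packet"
            return f"drop: {kind} with out of range ACK number"
        if "RST" in flags:
            return "accept: RST tears down flow"
        self.snd_una = ack if "ACK" in flags else self.snd_una
        return "accept"


def demo() -> list:
    # Constructed flow: the inside client sends 500 bytes across the wrap point.
    flow = Flow(snd_una=MOD - 200, snd_nxt=MOD - 200)
    flow.on_outbound(seq=MOD - 200, payload_len=500)   # snd_nxt wraps to 300
    return [
        flow.on_inbound({"ACK"}, ack=100),             # acknowledges part of the data
        flow.on_inbound({"RST", "ACK"}, ack=5000),     # beyond anything the host sent
        flow.on_inbound({"RST", "ACK"}, ack=300),      # matches snd_nxt exactly
    ]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second verdict corresponds to the situation in the posted log line: the reset carries an acknowledgment for data the tracked flow never sent, so the model drops and reports it instead of tearing down the connection.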