Solved

I don't understand this log entry. Can someone explain step by step?

Posted on 2008-10-03
Last Modified: 2012-08-14
I pulled this log from my firewall. I'd really like to know what it means. I also took the diagram from robtek.com
*** denotes changes made for security reasons

FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31"
proto=6- tcp packet -  Source:=209.85.171.127 -
Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - [RST packet with out of range
ACK number detected Src 80 Dst 1275 from WAN n/w]


It (source) appears to be some back-end Google server... idk
netdiag.bmp
Question by:crazystoo

Accepted Solution

by:
harbor235 earned 500 total points
ID: 22648554


Your firewall does stateful inspection, which in this case means that the firewall inspects the flows (TCP in this case) to ensure expected communications between endpoints of the flow (in this case an internal system and a Google system on the outside) send and receive what is expected.

One thing the firewall inspects is the acknowledgment numbers in the TCP segment; the sender receives acknowledgments from the receiver to verify receipt of data sent. Your firewall has detected that a TCP reset was sent with a sequence number out of the range of expected values for the particular flow. Looks like someone on the inside of your network was surfing on Google and the Google server sent a reset to your internal system to terminate the flow; typically this is because something was wrong with the flow and the server wanted to start over, more or less. Your firewall noticed that the acknowledgment number was not the expected value; perhaps that's why the Google server wanted to reset: the two systems were not in sync.

harbor235 ;}  
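An added example, not part of the original thread and not the firewall vendor's code: it splits the quoted log entry into fields and models the kind of per-flow ACK range check the answer describes. The range rule (the acceptable-ACK test from RFC 5961 section 5.2), the names `parse_entry`, `ack_in_range` and `Flow`, and all sequence numbers are assumptions chosen for illustration; the entry itself is the one posted in the question.

```python
import re

# The entry quoted in the question, joined onto one line (WAN IP masked as posted).
ENTRY = ('FRI OCT 03 16:57:05 2008 time="2008-10-03 16:04:31" proto=6- tcp packet - '
         'Source:=209.85.171.127 - Destination:=xxx.xxx.xxx.xxx***(your WAN ip) - '
         '[RST packet with out of range ACK number detected Src 80 Dst 1275 from WAN n/w]')

LOG_RE = re.compile(
    r'proto=(?P<proto>\d+).*?Source:=(?P<src>[\d.]+).*?Destination:=(?P<dst>[\w.]+)'
    r'.*?\[(?P<reason>.*?) Src (?P<sport>\d+) Dst (?P<dport>\d+) from (?P<zone>\S+) n/w\]')

def parse_entry(text):
    """Split one log entry into named fields; returns None if it does not match."""
    m = LOG_RE.search(text)
    if m is None:
        return None
    fields = m.groupdict()
    for key in ("proto", "sport", "dport"):
        fields[key] = int(fields[key])
    return fields

MOD = 1 << 32  # TCP sequence and ACK numbers are 32-bit and wrap around

def ack_in_range(ack, snd_una, snd_nxt, max_wnd=65535):
    """Assumed rule: snd_una - max_wnd <= ack <= snd_nxt, compared modulo 2**32."""
    low = (snd_una - max_wnd) % MOD
    return (ack - low) % MOD <= (snd_nxt - low) % MOD

class Flow:
    """Hypothetical state kept for the inside host's side of one TCP connection."""
    def __init__(self, isn):
        self.snd_una = self.snd_nxt = (isn + 1) % MOD  # the SYN consumes one number

    def outbound(self, seq, length):
        end = (seq + length) % MOD
        if (end - self.snd_una) % MOD > (self.snd_nxt - self.snd_una) % MOD:
            self.snd_nxt = end  # new data; retransmissions leave snd_nxt alone

    def inbound(self, ack):
        """Return True if the ACK number of a WAN-side segment (RST included) fits."""
        if not ack_in_range(ack, self.snd_una, self.snd_nxt):
            return False  # the condition the quoted log entry reports
        if (ack - self.snd_una) % MOD <= (self.snd_nxt - self.snd_una) % MOD:
            self.snd_una = ack  # peer acknowledged more data
        return True
```

Read against the entry: the segment came from port 80 on the WAN side to port 1275 on the inside host, and `inbound()` returning False corresponds to the "out of range ACK number" reason in the log.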