https://community.cisco.com/t5/network-security/duplicate-tcp-syn-messages/m-p/1295216#M947996 <HTML><HEAD></HEAD><BODY><P> A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html?bcsi_scan_73B62AB387D5D02C=0&amp;bcsi_scan_filename=logmsgs.html#wp3456474" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html?bcsi_scan_73B62AB387D5D02C=0&amp;bcsi_scan_filename=logmsgs.html#wp3456474</A></P></BODY></HTML> Thu, 08 Oct 2009 03:54:19 GMT dhananjoy chowdhury 2009-10-08T03:54:19Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-messages/m-p/1295215#M947995 <P>I'm using the ASA for anyconnect users and I keep seeing log messages similar to the following:</P><P>4 date=Oct 07 2009 Source IP=10.1.1.201 Source Port=17571 Destination IP=10.0.250.18 Destination Port53887 Duplicate TCP SYN from inside:10.1.1.201/17571 to inside:10.0.250.18/53887 with different initial sequence number</P><P></P><P></P><P>The source changes from various server (so far our Anti-virus server, dns, and Active directory servers) the destination appears to be client ip's that have disconnected. </P><P>I would like to stop this as it is filling my logs up with spurious information</P> Fri, 21 Feb 2020 11:43:17 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-messages/m-p/1295215#M947995 3msands 2020-02-21T11:43:17Z https://community.cisco.com/t5/network-security/duplicate-tcp-syn-messages/m-p/1295216#M947996 <HTML><HEAD></HEAD><BODY><P> A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later. </P><P></P><P><A class="jive-link-custom" href="http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html?bcsi_scan_73B62AB387D5D02C=0&amp;bcsi_scan_filename=logmsgs.html#wp3456474" target="_blank">http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html?bcsi_scan_73B62AB387D5D02C=0&amp;bcsi_scan_filename=logmsgs.html#wp3456474</A></P></BODY></HTML> Thu, 08 Oct 2009 03:54:19 GMT https://community.cisco.com/t5/network-security/duplicate-tcp-syn-messages/m-p/1295216#M947996 dhananjoy chowdhury 2009-10-08T03:54:19Z