07-21-2011 10:44 AM - edited 03-11-2019 02:01 PM
Consistently I see similar errors like this in my logs. The src address is actually my SCCM server (policy server) and the dst address is a remote VPN user who connects with the AnyConnect client.
%ASA-4-419002: Duplicate TCP SYN from inside:10.2.152.69/2974 to inside:10.2.252.230/139 with different initial sequence number
%ASA-4-419002: Duplicate TCP SYN from inside:10.2.152.69/2973 to inside:10.2.252.230/445 with different initial sequence number
I'd like to try and clean up these errors if possible. Any ideas on what can be done to try and see what the cause of these are?
Thanks
07-24-2011 10:41 PM
Hi Jeffery,
This syslog is indicative of an IP being spoofed, since it is receving a
duplicate TCP SYN packet from another source. A duplicate TCP SYN was
received during the three-way-handshake that has a different initial
sequence number than the SYN that opened the embryonic connection. This
could indicate that SYNs are being spoofed.
The firewall is doing its bit by dropping these duplicate packets and that's
why you are seeing these error messages generated.
I would like to suggest you to troubleshoot the host to determine the reason
why it is sending duplicates or if that is spoofed by other computer coming
from another MAC address.
Regards,
Sian
03-20-2012 05:58 AM
Hi Jeffrey,
I have the same issue. We squelched the SCCM server to limit its efforts, just to stop the pain, but, we don't have any answer yet. Did you discover why SCCM is giving up and moving on to a new TCP sequence number? I would like to address the root cause on this issue instead of the symptom. I have just begun my research, so, if I encounter anything useful, I will be sure to post it here. Unless someone else beats me to it!
Cheers,
Tom
07-17-2013 11:41 AM
Did you ever find out why the SCCM server was doing this? I'm having the same issues.
Thanks
07-17-2013 11:49 AM
Sadly, no, I never received any reply on this thread and my available time to research the issue was limited. I am certainly interested in learning if anyone discovers the root cause or how to eliminate the trouble.
Tom
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide