12-14-2010 06:14 AM - edited 03-11-2019 12:21 PM
Dear,
I keep getting the following warning from the ASA ASDM syslog
Duplicate TCP SYN from inside:192.xx.xx.xx/63993 to outside:xx.xx.xx.xx/25 with different initial sequence number. The client in question sitting on the inside of the ASA is trying to access the mail server outside of our network. Currently the mail server is not responding to smtp requests from our network. Is the log message something to worry about?
regards,
Abebe Amare
12-14-2010 06:38 AM
I guess this should be ok. Since mail server is not responding and client is trying to reconnect again but with different initial seq before the existing open connection is torn down in ASA. What are the timestamps?
Explanation A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later.
in_interface—The input interface.
src_address—The source IP address of the packet.
src_port—The source port of the packet.
out_interface—The output interface.
dest_address—The destination IP address of the packet.
dest_port—The destination port of the packet.
Recommended Action No action required.
Thanks,
SJ
12-14-2010 07:03 AM
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide