Buy or Renew
Buy or Renew
Welcome to the new Cisco Community. LEARN MORE about the updates and what is coming.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1108
Views
0
Helpful
2
Replies

different initial sequence no.

suthomas1
Frequent Contributor
Frequent Contributor

‎10-12-2010 08:06 PM - edited ‎03-11-2019 11:53 AM

an asa housing a business application server sends out given syslogs quite often.

419002: Duplicate TCP SYN from LOCAL:10.1.1.75/43415 to MILZONE:10.2.90.26/443 with different initial sequence number


this asa is on version 7.0(6) , cisco says it is common in these rel.

is there anything that ought to be inspected in view of this message. or to identify why it is throwing these messages.

TIA.

Labels:
0 Helpful
2 REPLIES 2

Namit Agarwal
Cisco Employee
Cisco Employee

‎10-12-2010 08:42 PM

Hi ,

The explanation for this log message is that a duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. Someone might be spoofing IP addresses.

Thanks,

Namit

0 Helpful

suthomas1
Frequent Contributor
Frequent Contributor
In response to Namit Agarwal

‎10-12-2010 08:45 PM

if that is so, this LOCAL:10.1.1.75 ip belongs to interface of primary firewall before requests reach this server.

how should spoofing be checked if so.

thank you.

0 Helpful
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:

Customers Also Viewed These Support Documents