Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
Bookmark
|
Subscribe
|
1607
Views
0
Helpful
2
Replies

different initial sequence no.

suthomas1
Level 6
Level 6

‎10-12-2010 08:06 PM - edited ‎03-11-2019 11:53 AM

an asa housing a business application server sends out given syslogs quite often.

419002: Duplicate TCP SYN from LOCAL:10.1.1.75/43415 to MILZONE:10.2.90.26/443 with different initial sequence number


this asa is on version 7.0(6) , cisco says it is common in these rel.

is there anything that ought to be inspected in view of this message. or to identify why it is throwing these messages.

TIA.

Labels:
0 Helpful
2 Replies 2

Namit Agarwal
Cisco Employee
Cisco Employee

‎10-12-2010 08:42 PM

Hi ,

The explanation for this log message is that a duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. Someone might be spoofing IP addresses.

Thanks,

Namit

0 Helpful

suthomas1
Level 6
Level 6
In response to Namit Agarwal

‎10-12-2010 08:45 PM

if that is so, this LOCAL:10.1.1.75 ip belongs to interface of primary firewall before requests reach this server.

how should spoofing be checked if so.

thank you.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card
Top