Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4146
Views
0
Helpful
1
Replies

duplicate tcp syn messages

3msands
Level 1
Level 1

‎10-07-2009 12:05 PM - edited ‎02-21-2020 03:43 AM

I'm using the ASA for anyconnect users and I keep seeing log messages similar to the following:

4 date=Oct 07 2009 Source IP=10.1.1.201 Source Port=17571 Destination IP=10.0.250.18 Destination Port53887 Duplicate TCP SYN from inside:10.1.1.201/17571 to inside:10.0.250.18/53887 with different initial sequence number

The source changes from various server (so far our Anti-virus server, dns, and Active directory servers) the destination appears to be client ip's that have disconnected.

I would like to stop this as it is filling my logs up with spurious information

0 Helpful
1 Reply 1

dhananjoy chowdhury
Level 5
Level 5

‎10-07-2009 08:54 PM

A duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. This message occurs in Release 7.0.4.1 and later.

http://www.cisco.com/en/US/docs/security/asa/asa71/system/message/logmsgs.html?bcsi_scan_73B62AB387D5D02C=0&bcsi_scan_filename=logmsgs.html#wp3456474

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card