D-Link Forums
The Graveyard - Products No Longer Supported => D-Link NetDefend Firewalls => Topic started by: mackop on January 11, 2010, 11:10:24 AM
-
My log-file (DFL-2500) is full of records like:
2010-01-11 16:24:31 Warning CONN 00600012 LogOpenFails TCP wan1 124.128.63.2 xx.xx.xx.xx 6655 45176 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 rst=1
2010-01-11 16:24:30 Warning CONN 00600012 LogOpenFails TCP wan1 58.56.44.194 xx.xx.xx.xx 80 45176 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1
2010-01-11 16:20:41 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.51 74.125.87.99 3601 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:20:35 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.51 74.125.87.100 3603 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:20:34 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.51 74.125.87.100 3605 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:13:45 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.52 83.45.112.176 45176 64549 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:10:16 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.118 74.125.87.102 3660 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
What could be the reason?
Everything on the network seems to be working. I have no complaints from users.
-
These are SPI drops; they will occur whenever a TCP packet violates the normal TCP state progression. This could be due to anything from lazy programming to malicious attacks.
-
A few observations:
- Almost all "faulty" packets have the same destination port 80 or 443.
- On my network, there are only computers with Windows installed.
- While I am browsing web pages, my own computer causes these warnings too.
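As an added example, not code from the thread or from D-Link, the Python below parses records in the shape of the LogOpenFails lines quoted above and sorts the drops by the TCP flags that explain why the firewall had no state entry for the packet: a stateful firewall only creates a TCP entry on a SYN, so an ACK, FIN/ACK or RST with no matching entry is rejected with no_new_conn_for_this_packet. The regular expression, the classification heuristics, the WEB_PORTS set and the suspicious() filter are my assumptions for this example, not NetDefendOS logic; the sample records are constructed from the lines quoted in the thread, with the poster's masked WAN address kept as an opaque token.

```python
import re
from collections import Counter

# Constructed sample: records in the shape of the NetDefendOS CONN/LogOpenFails
# lines quoted in the thread, one record per line. "xx.xx.xx.xx" is the
# poster's masked WAN address and is treated as an opaque token.
SAMPLE_LOG = """\
2010-01-11 16:24:31 Warning CONN 00600012 LogOpenFails TCP wan1 124.128.63.2 xx.xx.xx.xx 6655 45176 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 rst=1
2010-01-11 16:24:30 Warning CONN 00600012 LogOpenFails TCP wan1 58.56.44.194 xx.xx.xx.xx 80 45176 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1
2010-01-11 16:20:41 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.51 74.125.87.99 3601 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:13:45 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.52 83.45.112.176 45176 64549 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
2010-01-11 16:10:16 Warning CONN 00600012 LogOpenFails TCP lan1 10.10.1.118 74.125.87.102 3660 80 no_new_conn_for_this_packet reject rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
"""

# Positional fields of the record (an assumption based on the quoted lines);
# everything after the action is a run of key=value tokens.
RECORD_RE = re.compile(
    r"^(?P<date>\S+) (?P<time>\S+) (?P<severity>\S+) (?P<category>\S+) (?P<id>\S+) "
    r"(?P<event>\S+) (?P<proto>\S+) (?P<iface>\S+) (?P<src>\S+) (?P<dst>\S+) "
    r"(?P<sport>\d+) (?P<dport>\d+) (?P<reason>\S+) (?P<action>\S+)(?P<kv>.*)$"
)

WEB_PORTS = {80, 443}  # assumption: the ports the poster's observations single out


def parse_record(line):
    """Parse one log line into a dict; TCP flag tokens (ack=1 ...) become a set."""
    m = RECORD_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["sport"] = int(rec["sport"])
    rec["dport"] = int(rec["dport"])
    extras = dict(tok.split("=", 1) for tok in rec.pop("kv").split())
    rec["flags"] = {k for k in ("syn", "ack", "fin", "rst") if extras.get(k) == "1"}
    rec["extras"] = extras
    return rec


def classify(rec):
    """Name the TCP state violation behind a no_new_conn_for_this_packet drop.

    Only a SYN opens a state entry; every other packet must match an existing
    one. These labels are heuristics for this example, not firewall logic.
    """
    f = rec["flags"]
    if "rst" in f:
        return "stray-rst"      # reset for a connection the firewall no longer tracks
    if "fin" in f:
        return "late-fin-ack"   # endpoint closing after the state entry already expired
    if "ack" in f:
        return "bare-ack"       # late ACK or retransmission, or an ACK probe
    return "unknown"


def web_related(rec):
    """True when either end of the packet is a web server port."""
    return rec["dport"] in WEB_PORTS or rec["sport"] in WEB_PORTS


def summarize(log_text):
    """Count drops by (interface, verdict, web-related) over a block of log text."""
    counts = Counter()
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec is None or rec["reason"] != "no_new_conn_for_this_packet":
            continue
        counts[(rec["iface"], classify(rec), web_related(rec))] += 1
    return counts


def suspicious(log_text):
    """Return WAN-side drops that are not web traffic: the ones worth a second look."""
    out = []
    for line in log_text.splitlines():
        rec = parse_record(line)
        if rec and rec["iface"] == "wan1" and not web_related(rec):
            out.append((rec["src"], rec["sport"], rec["dport"], classify(rec)))
    return out


if __name__ == "__main__":
    for key, n in sorted(summarize(SAMPLE_LOG).items()):
        print(key, n)
    print("review:", suspicious(SAMPLE_LOG))
```

Run against the sample, the lan1 records all come out as late-fin-ack toward port 80: a client closing a connection after the firewall has already dropped its state entry, which matches the poster's observation that ordinary browsing produces them. The wan1 records are the ones the log alone cannot explain: a bare ACK from port 80 is most often a late packet from a server whose connection has been torn down, while an RST from an unrelated high port arriving with no state could be backscatter or a probe, and only the counts and the source addresses over time will tell which.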