Author Topic: no_new_conn_for_this_packet  (Read 9898 times)

mackop

  • Level 1 Member
  • *
  • Posts: 16
no_new_conn_for_this_packet
« on: January 11, 2010, 11:10:24 AM »

My log-file (DFL-2500) is full of records like:

2010-01-11 16:24:31    Warning    CONN 00600012    LogOpenFails    TCP    wan1
   124.128.63.2 xx.xx.xx.xx    6655 45176    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 rst=1

2010-01-11 16:24:30    Warning    CONN 00600012    LogOpenFails    TCP    wan1
   58.56.44.194 xx.xx.xx.xx    80 45176    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1

2010-01-11 16:20:41    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.10.1.51 74.125.87.99    3601 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

2010-01-11 16:20:35    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.10.1.51 74.125.87.100    3603 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

2010-01-11 16:20:34    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.10.1.51 74.125.87.100    3605 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

2010-01-11 16:13:45    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.10.1.52 83.45.112.176    45176 64549    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

2010-01-11 16:10:16    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.10.1.118 74.125.87.102    3660 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

What could be the reason?
Everything on the network seems to be working. I have no complaints from users.

Fatman

  • Level 9 Member
  • ****
  • Posts: 1675
Re: no_new_conn_for_this_packet
« Reply #1 on: January 11, 2010, 02:43:04 PM »

These are SPI drops; they will occur whenever a TCP packet violates the normal TCP state progression. This could be due to anything from lazy programming to malicious attacks.
non progredi est regredi

mackop

  • Level 1 Member
  • *
  • Posts: 16
Re: no_new_conn_for_this_packet
« Reply #2 on: January 11, 2010, 11:56:05 PM »

A few observations:
- Almost all "faulty" packets have the same destination port 80 or 443.
- On my network, there are only computers with Windows installed.
- While I am browsing web pages, my own computer causes these warnings too.
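
An added example, not part of the original posts: a small Python parser for records in the layout quoted in this thread, tallying drops by interface, TCP flags and port so that observations like the port 80/443 pattern can be checked against a whole log. The sample records are constructed, the field positions are assumed from the quoted records, and treating the lower port as the service port is a heuristic.

```python
import re
from collections import Counter

# Constructed records in the layout quoted in the thread (addresses are made up).
SAMPLE = """\
2010-01-11 16:24:31    Warning    CONN 00600012    LogOpenFails    TCP    wan1
   198.51.100.7 203.0.113.10    6655 45176    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 rst=1

2010-01-11 16:24:30    Warning    CONN 00600012    LogOpenFails    TCP    wan1
   198.51.100.9 203.0.113.10    80 45176    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1

2010-01-11 16:20:41    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.0.0.51 192.0.2.99    3601 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1

2010-01-11 16:20:35    Warning    CONN 00600012    LogOpenFails    TCP    lan1
   10.0.0.52 192.0.2.99    3603 80    no_new_conn_for_this_packet reject
rev=1 protocol=tcp ipdatalen=20 ack=1 fin=1
"""
NOT_FLAGS = {"rev", "protocol", "ipdatalen"}  # key=value fields that are not TCP flags

def parse_records(text):
    """Return one dict per blank-line-separated no_new_conn_for_this_packet record."""
    out = []
    for block in re.split(r"\n\s*\n", text.strip()):
        tok = block.split()
        if len(tok) < 14 or tok[12] != "no_new_conn_for_this_packet":
            continue  # not the record type or layout this sketch understands
        kv = dict(t.split("=", 1) for t in tok[14:] if "=" in t)
        flags = sorted(k for k, v in kv.items() if v == "1" and k not in NOT_FLAGS)
        out.append({"iface": tok[7], "sport": int(tok[10]), "dport": int(tok[11]),
                    "flags": "+".join(flags) or "none"})
    return out

def summarize(records):
    """Count drops per (interface, flags, lower port); lower port is a service heuristic."""
    return Counter((r["iface"], r["flags"], min(r["sport"], r["dport"])) for r in records)

def teardown_count(records):
    """Drops carrying FIN or RST: packets that end a connection rather than open one."""
    return sum(1 for r in records if {"fin", "rst"} & set(r["flags"].split("+")))

if __name__ == "__main__":
    recs = parse_records(SAMPLE)
    for key, n in summarize(recs).most_common():
        print(n, *key)
    print("FIN/RST drops:", teardown_count(recs), "of", len(recs))
```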