Duplicate SYN attacks from Outside to Outside
Hi Everyone,
We have an FTP server that sits in our DMZ. This server has a DMZ interface and an external interface. When trying to access the server from the internet on its external address I am getting a lot of Duplicate SYN attacks. They all seem to be coming from the same source and port to the same destination and port.
As part of the testing I first took out any references to the FTP server in my access rules on the ASA. I then tried to FTP to the server from an outside internet connection and, as expected, got the following in the log:
Mar 01 2013
Deny tcp src outside:194.80.130.XX/46867 dst outside:78.24.112.XX/21 by access-group "outside_access_in" [0x0, 0x0]
I then highlighted this entry and created an access rule for it (but changed the source port to any rather than a specific one). When I then try to FTP to the server I get lots of SYN attacks, which say the following:
Mar 01 2013
Duplicate TCP SYN from outside:194.80.130.XX/46973 to outside:78.24.112.XX/21 with different initial sequence number
I am not sure why I am getting duplicate SYN attacks. I have similar servers in the DMZ that do the same thing and they seem to be working fine. I am pretty sure this is not actually a DoS attack. I have also spoken to the team who manage the server and they have confirmed that the external IP is set up correctly on the server (it's not that the external IP does not exist and just loops).
There is also NATing set up on the ASA that NATs the DMZ IP to the external IP and vice versa.
I have also noticed that whenever I create a new rule on the outside interface on my ASA it automatically adds the same description from another rule on the outside interface. What does this mean? Why could it be copying a description from another rule?
Your advice would be much appreciated.
It seems as though the NAT to the DMZ address is just not working. I have set up a NAT rule "before network object NAT" and also a simple object NAT, but I am still getting the error.
access-group outside_access_in in interface outside
access-list outside_access_in extended permit object-group DM_INLINE_SERVICE_7 any object csdpr1ft-ext
object-group service DM_INLINE_SERVICE_7
 service-object tcp destination eq ssh
 service-object tcp destination eq ftp
service-policy global_policy global
New flow created with id 26135657, packet dispatched to next module
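The two syslog shapes quoted above can be triaged mechanically. The Python script below is an added example, not from the original post: it parses the ASA "Deny ... by access-group" and "Duplicate TCP SYN" messages plus a normal "Built inbound TCP connection" line, and counts flows the ASA logged as entering and leaving on the same interface (outside to outside), which is the pattern the post describes. The addresses and the built-connection line are constructed sample data.

```python
import re
from collections import Counter

# Constructed sample lines in the ASA syslog shapes quoted in the post.
# Addresses are RFC 5737 documentation ranges, not the poster's real hosts.
SAMPLE_LOG = """\
Deny tcp src outside:203.0.113.10/46867 dst outside:198.51.100.21/21 by access-group "outside_access_in" [0x0, 0x0]
Duplicate TCP SYN from outside:203.0.113.10/46973 to outside:198.51.100.21/21 with different initial sequence number
Duplicate TCP SYN from outside:203.0.113.10/46973 to outside:198.51.100.21/21 with different initial sequence number
Built inbound TCP connection 12345 for outside:203.0.113.10/46980 (203.0.113.10/46980) to dmz:10.10.10.5/21 (198.51.100.21/21)
"""

# One endpoint as the ASA prints it: <interface>:<ip>/<port>
ENDPOINT = r"(?P<{n}_if>\w+):(?P<{n}_ip>[\d.]+)/(?P<{n}_port>\d+)"
PATTERNS = [
    ("acl-deny", re.compile(r"Deny tcp src " + ENDPOINT.format(n="src")
                            + r" dst " + ENDPOINT.format(n="dst"))),
    ("dup-syn", re.compile(r"Duplicate TCP SYN from " + ENDPOINT.format(n="src")
                           + r" to " + ENDPOINT.format(n="dst"))),
    ("built", re.compile(r"Built inbound TCP connection \d+ for " + ENDPOINT.format(n="src")
                         + r" \([\d.]+/\d+\) to " + ENDPOINT.format(n="dst"))),
]


def parse_asa_line(line):
    """Return a dict with kind, source and destination (interface, ip:port), or None."""
    for kind, pat in PATTERNS:
        m = pat.search(line)
        if m:
            d = m.groupdict()
            return {"kind": kind,
                    "src_if": d["src_if"], "src": f'{d["src_ip"]}:{d["src_port"]}',
                    "dst_if": d["dst_if"], "dst": f'{d["dst_ip"]}:{d["dst_port"]}'}
    return None


def hairpin_flows(log_text):
    """Count events whose ingress and egress interface are the same (e.g. outside->outside).

    A correctly translated inbound flow shows up as outside->dmz (the 'Built' line);
    a destination that stays on the outside interface is the symptom in the post.
    """
    counts = Counter()
    for line in log_text.splitlines():
        ev = parse_asa_line(line)
        if ev and ev["src_if"] == ev["dst_if"]:
            counts[(ev["kind"], ev["src"], ev["dst"])] += 1
    return counts
```

Feed it the real syslog export (or `show logging` output) to see which flows never reach a dmz-side destination.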