Posted 2007-10-02 by saymen
Script Kiddie Attack / TCP packet out of state: First packet isn't SYN

We're running a SPLAT Cluster R65. Everything works fine.

Today, we have thousands of "TCP packet out of state: First packet isn't SYN" entries from IP 85.1.193.23.

I created a rule that blocks all traffic from 85.1.193.23 without logging, but the "TCP packet out of state" messages still remain. How can I get rid of them? We don't want to switch off the logging of the dropped "TCP packet out of state" packets.

Here is the exact log entry:

Number: 151337
Date: 2Oct2007
Time: 16:30:16
Product: VPN-1 Power/UTM
Interface: eth1
Origin: 10.0.63.2
Type: Log
Action: Drop
Protocol: tcp
Service: http (80)
Source: 85.1.193.23
Destination: 19x.2x..13x.9x
Source Port: 18991
Information: TCP packet out of state: First packet isn't SYN
tcp_flags: RST
SmartDefense Profile: Default_Protection
Policy Info: Policy Name: Standard
Created at: Tue Oct 02 16:09:18 2007
Installed from: XX1080

Any ideas or thoughts?
Thanks, Simon