CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have sign-ups from twelve different countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 7/14, 8/25, 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Check Point Firewall-1/VPN-1 And Related Products > Miscellaneous
Reload this Page Script Kiddie Attack / TCP packet out of state: First packet isn't SYN
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2007-10-02
saymen saymen is offline
Junior Member
  
Join Date: 2005-10-03
Posts: 1
Rep Power: 0
saymen has an average reputation (10+)
Default Script Kiddie Attack / TCP packet out of state: First packet isn't SYN
We're running a SPLAT Cluster R65. Everything works fine.

Today, We have thoulands of "TCP packet out of state: First packet isn't SYN" Entries from IP 85.1.193.23.

I created a rule that blocks all traffic from 85.1.193.23 without logging, but the "TCP packet out of state" messages still remain. How can I get rid of them? We don't want to switch off the logging of the dropped "TCP packet out of state" packets.

here the exact LOG Entry:

Number: 151337
Date: 2Oct2007
Time: 16:30:16
Product: VPN-1 Power/UTM
Interface: eth1
Origin: 10.0.63.2
Type: Log
Action: Drop
Protocol: tcp
Service: http (80)
Source: 85.1.193.23
Destination: 19x.2x..13x.9x
Source Port: 18991
Information: TCP packet out of state: First packet isn't SYN
tcp_flags: RST
SmartDefense Profile: Default_Protection
Policy Info: Policy Name: Standard
Created at: Tue Oct 02 16:09:18 2007
Installed from: XX1080

Any ideas or thoughts?
Thanks, Simon
Reply With Quote
  #2 (permalink)  
Old 2007-10-02
chillyjim chillyjim is offline
Senior Member
  
Join Date: 2005-08-29
Location: Upstate NY
Posts: 1,598
Rep Power: 4
chillyjim has an average reputation (10+)
Send a message via AIM to chillyjim Send a message via Skype™ to chillyjim
Default Re: Script Kiddie Attack / TCP packet out of state: First packet isn't SYN
I don't think you can. On the other hand, you could just drop the traffic at your Internet router (or have your ISP do it).
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 12:53.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0