message with show conn in pix

Unanswered Question

Hi

Following is message with show conn in the pix525,ver 7.0. x.x.x.x is email server ip address. I don't think have 4g email send out in that time. How to understand this message? that source ip address is changed as time.

"TCP out 62.37.236.x:25 in x.x.x.x:28626 idle 0:07:05 bytes 4294967280 flags UO"

thanks

ben

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Thanks.

Following is message from syslog:

2007-05-10 21:43:55 UTC Local0.Info 192.168.252.1 May 10 2007 14:42:18 : %PIX-6-302014: Teardown TCP connection -1810930958 for outside:62.37.236.x/25 to inside:x.x.x.x/24856 duration 0:10:32 bytes 4294967280 TCP Reset-O

It looks finish send, but sometime show up again in the log file.

Ben

vitripat Fri, 05/11/2007 - 02:58

It seems as pointed out earlier that a inside host x.x.x.x did send a mail 4GB or more, however the connection was not a normal finish, it was torn down becuse the mail server on the outside RESET the connection. Notice the flags in the syslog-

TCP Reset-O

Regards,

Vibhor.

Actions

This Discussion