Unknown UDP Connections in PIX 515E with dD flags

Unanswered Question
Aug 13th, 2007

Hi,

Recently I noticed in my extranet PIX 515E, from the output of the "show conn protocol udp" command, a number of unknown UDP connections that were initiated from the ISA Proxy Server (inside). All outbound traffic is routed through this server. The outside PIX interface is connected to the Internet-facing router's FastEthernet interface. There is an inbound access list attached to the Internet router's serial interface (connection with the ISP) that permits only inbound SMTP and web traffic, as well as the replies from connections initiated from inside, and discards all other traffic. There are also two ACEs that permit UDP packets with source port greater than 1024 and destination port greater than 1024, and discard UDP packets with source port less than 1024 and destination port greater than 1024.

As you can see in the attached .txt file, there are several UDP connections with flags dD. What kind of connections are these? And why do some of those UDP connections with source port less than 1024 exist and pass the router's access list?

Any reply will be appreciated!!!

Thanks in advance and kind regards!

jgtheodor Mon, 08/13/2007 - 21:17

Hi again,

This issue seems to have arisen. Can anyone help? Urgent.

Thanks!
