The following are from syslogs on ASA5510 firewall. Are the following TCP sessions being spoofed in the SYN phase?
07:40:25: %ASA-4-419002: Duplicate TCP SYN from Inside: 192.168.1.170/3229 to outside:126.96.36.199/4219 with different initial sequence number
(I can not find who has IP 192.168.1.170. Trend Micro shows no one on the LAN .170
The following shows an original udp payload, yet there seems to be a ICMP transmission.
ASA-4-313005 : No matching connection for ICMP error message: icmp src outside: 188.8.131.52 dst inside: 207.105.y.x (type 3, code 1) on outside interface: Original payload: udp src 207.105.y.x/3919 dst 192.168.1.100/49593