Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

different initial sequence no.

an asa housing a business application server sends out given syslogs quite often.

419002: Duplicate TCP SYN from LOCAL:10.1.1.75/43415 to MILZONE:10.2.90.26/443 with different initial sequence number


this asa is on version 7.0(6) , cisco says it is common in these rel.

is there anything that ought to be inspected in view of this message. or to identify why it is throwing these messages.

TIA.

  • Firewalling
2 REPLIES
Cisco Employee

Re: different initial sequence no.

Hi ,

The explanation for this log message is that a duplicate TCP SYN was received during the three-way-handshake that has a different initial sequence number than the SYN that opened the embryonic connection. This could indicate that SYNs are being spoofed. Someone might be spoofing IP addresses.

Thanks,

Namit

New Member

Re: different initial sequence no.

if that is so, this LOCAL:10.1.1.75 ip belongs to interface of primary firewall before requests reach this server.

how should spoofing be checked if so.

thank you.

828
Views
0
Helpful
2
Replies
This widget could not be displayed.