[kerio] "TCP ack packet attack"

Archived from groups: comp.security.firewalls

Does anyone know what this entry in the log means? My guess is it's just
due to a misconfigured rule or something, but the word "attack" concerns
me. Thanks in advance.

"Rule 'TCP ack packet attack': Blocked: In TCP,
127.0.0.1:80->localhost:1476, Owner: no owner"
  1. It's garbage, just go back into the administration, and then on the
    miscellaneous tab uncheck 'log suspicious packets'. It's not an attack, and
    whoever called it an attack at Kerio was a moron.

    "anon" <anon@anonn.com> wrote in message news:2l4as6F88qn0U1@uni-berlin.de...
    > Does anyone know what this entry in the log means? My guess is it's just
    > due to a misconfigured rule or something, but the word "attack" concerns
    > me. Thanks in advance.
    >
    > "Rule 'TCP ack packet attack': Blocked: In TCP,
    > 127.0.0.1:80->localhost:1476, Owner: no owner"
  2. I remembered they were logging garbage, here is a comment someone else posted on
    a web forum:

    "An 'ack packet attack' is not an attack. Ack packets ACKnowledge something was
    received, and are a part of normal traffic. However they have been used as
    part of stealth tests.

    Now the reason your firewall is showing them is these packets have been timed
    out, basically the service stopped listening for some reason, and it's still
    receiving these acknowledgement packets.

    So open your Administration, click advanced, misc tab, uncheck 'log suspicious
    packets', and get on with your day as that setting logs 95% garbage, not
    so-called 'attacks'."

    "anon" <anon@anonn.com> wrote in message news:2l4as6F88qn0U1@uni-berlin.de...
    > Does anyone know what this entry in the log means? My guess is it's just
    > due to a misconfigured rule or something, but the word "attack" concerns
    > me. Thanks in advance.
    >
    > "Rule 'TCP ack packet attack': Blocked: In TCP,
    > 127.0.0.1:80->localhost:1476, Owner: no owner"
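
An added example, not part of the thread: a small Python parser for the log line quoted in the question, which sorts entries by whether both endpoints are loopback (traffic that never left the machine) or at least one is not. The pattern is inferred from that single line and is an assumption about the format; the second sample line is constructed.

```python
import ipaddress
import re

# Pattern inferred from the one log line quoted in the thread (assumption:
# other entries follow the same layout). Unmatched lines return None.
ENTRY = re.compile(
    r"Rule '(?P<rule>[^']+)':\s*(?P<action>\w+):\s*(?P<direction>\w+)\s+"
    r"(?P<proto>\w+),\s*(?P<src>[^:\s]+):(?P<sport>\d+)->"
    r"(?P<dst>[^:\s]+):(?P<dport>\d+),\s*Owner:\s*(?P<owner>.+)"
)

def is_loopback(host):
    """True for 'localhost' or a literal loopback address (127.0.0.0/8, ::1)."""
    if host.lower() == "localhost":
        return True
    try:
        return ipaddress.ip_address(host).is_loopback
    except ValueError:
        return False  # some other hostname: do not assume it is local

def parse_entry(line):
    """Parse one entry; tolerates surrounding quotes and a wrapped line."""
    text = " ".join(line.split()).strip('"')
    m = ENTRY.search(text)
    if not m:
        return None
    e = m.groupdict()
    e["sport"], e["dport"] = int(e["sport"]), int(e["dport"])
    e["owner"] = e["owner"].strip()
    e["local_only"] = is_loopback(e["src"]) and is_loopback(e["dst"])
    return e

def triage(lines):
    """Return (loopback_only, needs_review) lists of parsed entries."""
    local, review = [], []
    for line in lines:
        e = parse_entry(line)
        if e is not None:
            (local if e["local_only"] else review).append(e)
    return local, review

SAMPLE = [
    # The entry quoted in the thread.
    "Rule 'TCP ack packet attack': Blocked: In TCP, 127.0.0.1:80->localhost:1476, Owner: no owner",
    # Constructed entry with a documentation-range (RFC 5737) source address.
    "Rule 'TCP ack packet attack': Blocked: In TCP, 203.0.113.7:80->localhost:1476, Owner: no owner",
]

if __name__ == "__main__":
    local, review = triage(SAMPLE)
    print(len(local), "loopback-only;", len(review), "with a non-loopback endpoint")
```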