Just to satisfy my curiosity, I logged in ulog the invalid packets, and there are quite a few. How many should I expect to see and count as normal? For instance I downloaded a file from a reasonably fast FTP server at about 7 MB, and during it I logged three invalid TCP packets.

Apr 28 22:07:25 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=47468 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=985943197 ACK=497088462 WINDOW=6432 ACK URGP=0

Apr 28 22:07:43 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=52274 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=989439897 ACK=497088462 WINDOW=6432 ACK URGP=0

Apr 28 22:07:47 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK URGP=0

Should I just count this as normal? I thought about using a limit per second to log if it happened more than 2-3 per second.

Best regards
Stian B. Barmen
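An added example, not part of the original post: a Python script that parses the log lines quoted in the message and reports, per TCP flow, the total number of invalid packets and the peak count in any one-second window, so the result can be compared with a threshold such as the 2-3 per second the poster mentions. The function names, the threshold of 3 and the placeholder year are assumptions made for this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# The three log lines quoted in the post (DST is redacted there as "xx").
SAMPLE = [
    "Apr 28 22:07:25 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=47468 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=985943197 ACK=497088462 WINDOW=6432 ACK URGP=0",
    "Apr 28 22:07:43 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=52274 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=989439897 ACK=497088462 WINDOW=6432 ACK URGP=0",
    "Apr 28 22:07:47 fire Invalid: IN=eth1 OUT= MAC=00:d0:b7:1d:cc:7d:00:90:69:f0:b0:20:08:00 SRC=156.56.247.195 DST=217.199.xx.18 LEN=1500 TOS=00 PREC=0x00 TTL=53 ID=53186 CE DF PROTO=TCP SPT=80 DPT=33553 SEQ=990104197 ACK=497088462 WINDOW=6432 ACK URGP=0",
]
# syslog timestamp, host, log prefix, then the netfilter key=value body
LINE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) (.*?)\s*(IN=.*)$")

def parse(line, year=2000):
    """Parse one netfilter log line. Syslog has no year, so `year` is an assumed placeholder."""
    m = LINE.match(line.strip())
    if not m:
        return None
    stamp, _host, prefix, body = m.groups()
    fields, flags = {}, []
    for tok in body.split():
        key, sep, val = tok.partition("=")
        if sep:
            fields[key] = val      # e.g. SRC=..., ACK=<number>
        else:
            flags.append(tok)      # bare tokens are flags: CE, DF, ACK
    when = datetime.strptime(f"{year} {stamp}", "%Y %b %d %H:%M:%S")
    return {"time": when, "prefix": prefix.rstrip(": "), "fields": fields, "flags": flags}

def flow_rates(lines, window=timedelta(seconds=1)):
    """Return {(SRC, SPT, DST, DPT): (total, peak packets within any `window`)}."""
    by_flow = defaultdict(list)
    for rec in filter(None, map(parse, lines)):
        f = rec["fields"]
        by_flow[(f.get("SRC"), f.get("SPT"), f.get("DST"), f.get("DPT"))].append(rec["time"])
    rates = {}
    for flow, times in by_flow.items():
        times.sort()
        peak = start = 0
        for end, t in enumerate(times):
            while t - times[start] >= window:   # slide the window start forward
                start += 1
            peak = max(peak, end - start + 1)
        rates[flow] = (len(times), peak)
    return rates

def noisy_flows(lines, per_second=3):
    """Flows whose peak one-second count exceeds `per_second` (assumed threshold)."""
    return sorted(fl for fl, (_, peak) in flow_rates(lines).items() if peak > per_second)

if __name__ == "__main__":
    print(flow_rates(SAMPLE), noisy_flows(SAMPLE))
```

On the three quoted lines this yields a single flow with three packets spread over 22 seconds, so nothing crosses the assumed threshold.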