On Fri, March 3, 2006 15:39, Ezsra McDonald wrote: > Greetings Gurus, > > I have noticed in the past few weeks that my logs > from several hosts show what appear to be rejections on high ports. I > have seen this before on a checkpoint firewall where the issue was out > of state packits. What would cause this on a network? I don't know > where to start looking for the problem. > > Any ideas? > > Here is an example of one of my logwatch report: > > > Denied 4690 packets on interface eth0 > From 4.79.181.14 - 3 packets > To 172.25.14.167 - 3 packets > Service: 4980 (tcp/4980) (RULE 7 -- DENY,eth0,none) - 3 packets > From 4.79.181.135 - 8 packets > To 172.25.14.167 - 8 packets > Service: 56322 (tcp/56322) (RULE 7 -- DENY,eth0,none) - 6 packets > Service: 65382 (tcp/65382) (RULE 7 -- DENY,eth0,none) - 2 packets <snip a long log> Where do you determine these would be out of state ? To me, it just says that (x) packets from (y) to (z) have been denied, probably using "rule 7" which denies something but it doesn't say what. I think, looking at this log, no one can tell without knowing what rules you have in place, but maybe I'm overlooking something. Gr, Rob