Dropped TCP Connections
Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: Dropped TCP Connections

  1. #1

    Question Dropped TCP Connections

    We have a SonicWall set up monitoring our T1 line, but lately we're having somet rouble with connections being dropped. The log appears as such (first ip address listed is the source, the second the destination):

    05/04/2004 10:57:37.320 TCP connection dropped 64.252.69.111, 3365, WAN 192.168.1.86, 2745, LAN Type: 274 Rule: 12
    05/04/2004 10:52:32.448 TCP connection dropped 64.231.248.141, 3068, WAN 64.66.82.50, 2745, WAN Type: 274 Rule: 0
    05/04/2004 10:44:21.064 TCP connection dropped 64.40.54.237, 4501, WAN 64.66.82.50, 2745, WAN Type: 274 0
    05/04/2004 10:30:50.384 TCP connection dropped 68.123.234.162, 4783, WAN 64.66.82.50, 3127, WAN Type: 312 Rule: 0
    05/04/2004 10:13:24.048 TCP connection dropped 64.171.84.56, 3014, WAN 192.168.1.98, 2745, LAN Type: 274 12
    05/04/2004 09:06:28.640 TCP connection dropped 204.162.66.215, 3080, WAN 64.66.82.50, 1433, WAN Type: 143 Rule: 0

    Does anyone know how to resolve this, or at least where to start?

  2. #2
    Senior Member
    Join Date
    Apr 2004
    Posts
    1,130
    inst just ur firewall acting like it would be? it appears to a "firewall log action to me". Am i incorrect?
    Meu sítio

    FORMAT C: Yes ...Yes??? ...Nooooo!!! ^C ^C ^C ^C ^C
    If I die before I sleep, I pray the Lord my soul to encrypt.
    If I die before I wake, I pray the Lord my soul to brake.

  3. #3
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Can you show us rule 0? Or is this an implied rule just like Checkpoint?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  4. #4
    Just Another Geek
    Join Date
    Jul 2002
    Location
    Rotterdam, Netherlands
    Posts
    3,403
    Can you show us rule 0? Or is this an implied rule just like Checkpoint?
    Oliver's Law:
    Experience is something you don't get until just after you need it.

  5. #5
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There's a rule 12 in there too.....

    What are those rule definitions?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  6. #6
    AO Ancient: Team Leader
    Join Date
    Oct 2002
    Posts
    5,197
    There's a rule 12 in there too.....

    What are those rule definitions?
    Don\'t SYN us.... We\'ll SYN you.....
    \"A nation that draws too broad a difference between its scholars and its warriors will have its thinking done by cowards, and its fighting done by fools.\" - Thucydides

  7. #7
    Is that all for dropped connections? If there are many more and they come from random external IP addresses, perhaps it is your outside interface (the one that connects to your T-1). I have not used Sonic much, I use Cisco gear and I know in my gear I can see the reliability of an interface in the form of x/x (255/255 would mean the interface has 100% reliability) Perhaps your outside interface is having some problems and a call to your providor would help.

  8. #8
    Is that all for dropped connections? If there are many more and they come from random external IP addresses, perhaps it is your outside interface (the one that connects to your T-1). I have not used Sonic much, I use Cisco gear and I know in my gear I can see the reliability of an interface in the form of x/x (255/255 would mean the interface has 100% reliability) Perhaps your outside interface is having some problems and a call to your providor would help.

  9. #9
    There are many dropped connections a day evidently, all within the same range. I checked the log reference guide on what the rules were, but it doesn't offer much. The only rule categories listed were in reference to blocked Webs/FTPs/Gophers/Newsgroups, so I don't know if there's any relation to TCP droppings. That said, category 12 is Alcohol & Tobacco. It says nothing about a rule or category 0.

  10. #10
    There are many dropped connections a day evidently, all within the same range. I checked the log reference guide on what the rules were, but it doesn't offer much. The only rule categories listed were in reference to blocked Webs/FTPs/Gophers/Newsgroups, so I don't know if there's any relation to TCP droppings. That said, category 12 is Alcohol & Tobacco. It says nothing about a rule or category 0.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

 Security News

     Patches

       Security Trends

         How-To

           Buying Guides