RE: port 25 traffic denied

  • From: "Jim Harrison" <Jim@xxxxxxxxxxxx>
  • To: "[ISAserver.org Discussion List]" <isalist@xxxxxxxxxxxxx>
  • Date: Fri, 30 Sep 2005 11:19:09 -0700

Examine the rest of the logs for those IP pairs.
- was there ever a valid SMTP session between them?
It's very common to use "broken TCP" to ascertain if a host is listening
on a protocol/port.

-------------------------------------------------------
   Jim Harrison
   MCP(NT4, W2K), A+, Network+, PCG
   http://isaserver.org/Jim_Harrison/
   http://isatools.org
   Read the help / books / articles!
-------------------------------------------------------
 

-----Original Message-----
From: Mark Morgan [mailto:mmorgan@xxxxxxxxxxxxxxxxxxxxx] 
Sent: Friday, September 30, 2005 11:13
To: [ISAserver.org Discussion List]
Subject: [isalist] port 25 traffic denied

Hello,

I am having an error 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED on traffic
sent to my external interface on port 25, and some mail is not getting
through to some of my clients. Does anyone have any idea what could be
going on? Here is the log of one of the denials; all are the same.



Original Client IP    Client Agent    Authenticated Client    Service    Server Name    Referring Server    Destination Host Name    Transport    MIME Type    Object Source    Source Proxy    Destination Proxy    Bidirectional    Client Host Name    Filter Information    Network Interface    Raw IP Header    Raw Payload    Source Port    Processing Time    Bytes Sent    Bytes Received    Result Code    HTTP Status Code    Cache Information    Error Information    Log Record Type    Log Time    Destination IP    Destination Port    Protocol    Action    Rule    Client IP    Client Username    Source Network    Destination Network    HTTP Method    URL
209.123.16.38   -                       HIPPOCRATES             -    TCP                     -       -       No      -    63.***.***.***  45 00 00 28 00 00 40 00 2e 06 16 ec d1 7b 10 26 3f c1 14 82      00 19 37 b9 58 5a 75 2f 00 00 00 00 50 04 00 00 74 a0 00 00     25      0       0       0    0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED                0x0     0x0     Firewall    9/29/2005 4:24:40 PM      63.***.***.***  14265   Unidentified IP Traffic    Denied Connection      -       209.123.16.38   -       External        Local Host
209.123.16.38   -                       HIPPOCRATES             -    TCP                     -       -       No      -    63.***.***.***  45 00 00 28 00 00 40 00 2e 06 16 ec d1 7b 10 26 3f c1

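An added example, not part of the original posts: decoding the Raw IP Header and Raw Payload bytes of the denied record shows which TCP flags the dropped packet carried, which is the first thing to establish for a FWX_E_TCP_NOT_SYN_PACKET_DROPPED entry before looking for an earlier session between the same IP pair. The function names are made up for this sketch, and it assumes the Raw Payload column holds the TCP header.

```python
import struct

# Bytes copied from the "Raw IP Header" and "Raw Payload" columns of the
# denied record quoted above (assumption: the payload column is the TCP header).
RAW_IP = "45 00 00 28 00 00 40 00 2e 06 16 ec d1 7b 10 26 3f c1 14 82"
RAW_TCP = "00 19 37 b9 58 5a 75 2f 00 00 00 00 50 04 00 00 74 a0 00 00"

FLAG_BITS = [(0x01, "FIN"), (0x02, "SYN"), (0x04, "RST"),
             (0x08, "PSH"), (0x10, "ACK"), (0x20, "URG")]


def decode(raw_ip: str, raw_tcp: str) -> dict:
    """Decode the fixed IPv4 and TCP header fields of one logged packet."""
    ip = bytes.fromhex(raw_ip)
    tcp = bytes.fromhex(raw_tcp)
    if len(ip) < 20 or ip[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    if ip[9] != 6 or len(tcp) < 20:
        raise ValueError("not a complete TCP header")
    total_len = struct.unpack("!H", ip[2:4])[0]
    sport, dport, seq, ack, off_flags = struct.unpack("!HHIIH", tcp[:14])
    ihl = (ip[0] & 0x0F) * 4        # IP header length in bytes
    doff = (off_flags >> 12) * 4    # TCP header length in bytes
    return {
        # The destination address (bytes 16-19) is left undecoded because
        # the poster masked it in the log.
        "src": ".".join(str(b) for b in ip[12:16]),
        "sport": sport, "dport": dport, "seq": seq, "ack": ack,
        "flags": [name for bit, name in FLAG_BITS if off_flags & bit],
        "data_len": total_len - ihl - doff,
    }


def opens_connection(pkt: dict) -> bool:
    """Only a SYN without ACK, RST or FIN may create new connection state."""
    flags = set(pkt["flags"])
    return "SYN" in flags and not flags & {"ACK", "RST", "FIN"}


if __name__ == "__main__":
    pkt = decode(RAW_IP, RAW_TCP)
    print(pkt, "opens a connection:", opens_connection(pkt))
```

For the record above it reports a zero-length RST from source port 25 to port 14265, matching the Source Port and Destination Port columns.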


