• RSS
  • Twitter
  • FaceBook

Welcome to ISAserver.org

Forums | Register | Login | My Profile | Inbox | RSS RSS icon | My Subscription | My Forums | Address Book | Member List | Search | FAQ | Ticket List | Log Out

TCP_NOT_SYN_PACKET_DROPPED

Users viewing this topic: none

Logged in as: Guest
  Printable Version
All Forums >> [ISA 2006 Firewall] >> General >> TCP_NOT_SYN_PACKET_DROPPED Page: [1]
Login
Message << Older Topic   Newer Topic >>
TCP_NOT_SYN_PACKET_DROPPED - 12.Jun.2008 2:30:02 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hello all,

I have the following scenario: my internal users need to access an pop3/smtp server to send and receive e-mails. I have a rule allowing pop3/smtp from internal to external. Sometimes they canīt send e-mail and ISA logs the following message: 0xc0040017 FWX_E_TCP_NOT_SYN_PACKET_DROPPED.
I was capturing those packets and some of them appears the following message: This frame is a (suspected) retransmission.

Anybody have any ideas what it could be?
Is there anyway to disable this ISA functionallity?

Thanks in advance.
Post #: 1
RE: TCP_NOT_SYN_PACKET_DROPPED - 17.Jun.2008 7:55:39 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Paulo,

Sending mail is SMTP. Is that where the problem is?

Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)
Post #: 2
RE: TCP_NOT_SYN_PACKET_DROPPED - 17.Jun.2008 10:09:29 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,

I know that. But, like I said, they need to send and receive e-mails, thatīs why I need to allow pop and smtp.

The problem usally happens when they are sending e-mails (SMTP). Do have any idea whatīs going on, based on the log messages?

Do you want more info? Just ask.

Thanks for help.
Paulo Oliveira.

(in reply to tshinder)
Post #: 3
RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 10:58:01 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Paulo,

It could those users have an email worm, and hitting your connection limits.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)
Post #: 4
RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 11:46:28 AM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,

I think this is not the problem. Cause we tried with a clean machine and we still got the problem.

One more detail (donīt know if it matters), our bandwidth usage is 97% the most of the time. Is this maybe have some influence?

Regards,
Paulo Oliveira.

(in reply to tshinder)
Post #: 5
RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 12:16:55 PM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi Paulo,

Yes! That certainly could be the problem. If it's hanging around 97% most of the time, there are going to be a good percentage of times that it's at 100% and some connections are going to be dropped.

HTH,
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to paulo.oliveira)
Post #: 6
RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 2:13:03 PM   
paulo.oliveira

 

Posts: 3472
Joined: 3.Jan.2008
From: Amazon, Brazil
Status: offline
Hi Tom,

I was thinking about that too. And only for test I disabled the anti-spoofing feature for a couple of days and even with the link at 97% most of the time, we could experience a good improvement in sending e-mail.
What do you think about that?

Regards,
Paulo Oliveira.

(in reply to tshinder)
Post #: 7
RE: TCP_NOT_SYN_PACKET_DROPPED - 18.Jun.2008 4:29:40 PM   
jmilito

 

Posts: 321
Joined: 10.Oct.2006
From: MICHIGAN, US
Status: offline
Just a little note...  I would also try to see if you can figure out what that traffic is to see if there is anything you can get rid of...expecially if it is malicious.  GFI Webmonitor would help with controlling malicious traffic as well as some of the liesure sites during business hours.  You might try FairShare for ISA or a third-party packet-shaping appliance as well.  Just thoughts of course.

(in reply to paulo.oliveira)
Post #: 8
RE: TCP_NOT_SYN_PACKET_DROPPED - 22.Jun.2008 11:01:37 AM   
tshinder

 

Posts: 50013
Joined: 10.Jan.2001
From: Texas
Status: offline
Hi J,

Good ideas!

Thanks!
Tom

_____________________________

Thomas W Shinder, M.D.

(in reply to jmilito)
Post #: 9

Page:   [1] << Older Topic    Newer Topic >>
All Forums >> [ISA 2006 Firewall] >> General >> TCP_NOT_SYN_PACKET_DROPPED Page: [1]
Jump to:

New Messages No New Messages
Hot Topic w/ New Messages Hot Topic w/o New Messages
Locked w/ New Messages Locked w/o New Messages
 Post New Thread
 Reply to Message
 Post New Poll
 Submit Vote
 Delete My Own Post
 Delete My Own Thread
 Rate Posts