Re: 0xc0040017 FWX E TCP NOT SYN PACKET DROPPED

Tech-Archive recommends: Fix windows errors by optimizing your registry

---

• From: "Henk Steunenberg \(Ms\)" <stjesp@xxxxxxxxxxx>
• Date: Mon, 8 May 2006 13:37:36 +0100

---

hello,

As by Jim Harrison:

This is ISA reporting a host that's violating the rules of TCP.
All TCP sessions should begin with a TCP-SYN packet and this one didn't do
that.
It's a classic technique for OS and application fingerprinting that fails
miserably against an ISA server.

Essentially, it's a non-issue unless you see a lot of these from a
particular host.
In that case, you may want to contact their ISP and complain.

Signature


Jim Harrison [ISASE]
Read the help, books and articles!

Henk


"Baldur" <Baldur@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote in message
news:B941C0D0-6FE1-4585-8283-5BBDB72E92C6@xxxxxxxxxxxxxxxx

Hi

I have a problem getting a network monitoring machine to access my
ISAServer2004 computer via RPC Protocoll.

In the logfile I cann see so far:
remote machine initiates a connection to the isaserver on Port 135 RPC
then the remote machine initiates on the high Port 17000
then the remote machine closes the connection on port 17000
and then it say Denied Connection without any rule.

In the logilfe the corespondig entry says 0xc0040017 FWX E TCP NOT SYN
PACKET DROPPED

I cannot get the remote machine to work (monitor) the Isaserver2004

Since we use the Isaserver just for WebProxying Outlook Web Access I
choosed
a single Network Adapter Design. Published the OWA no Problem.

I created the following allow everything Roule since the ISAServer lies in
a
Perimeter Network protected from other Firewalls.
Name Action Protocols From To
Condition
OpenView Allow All Outbound Trafic Anywhere Anywhere All
Users

Can anyone help?

begin 666 Plus.gif
M1TE&.#EA"0`)`)$``````(2$A/___P```"'Y! ``````+ `````)``D```(4
6C(^B*[:PG(+*@7M;>''/SG0(4@``.P``
`
end

.

---

• Prev by Date: Re: Firewall Client and ISA as Default Gateway
• Next by Date: Re: Unable to open FTP sites behind ISA 2004
• Previous by thread: ISA Servers and Arrays Remote Administration
• Next by thread: Re: 0xc0040017 FWX E TCP NOT SYN PACKET DROPPED
• Index(es):
  • Date
  • Thread

---

Relevant Pages re: xhost: cannot connect to X server ... clients can connect from any host ... When I telnet from a Slackware client to the remote host running Lenny + ... accept incoming TCP + X ... removed KDE and installed Gnome, ... (Debian-User) Re: Whats the difference between UDP and TCP packets? ... TCP is a connection oriented protocol. ... The host that wants to send data sends a SYN ... (comp.security.firewalls) Re: Spoofing question? ... TCP and UDP, operate. ... TCP spoofing is a bit more difficult since there has to be a connection ... Attack host - The wily hacker. ... Spoofed host - The host packets will appear to be spoofed from. ... (Security-Basics) Re: IDS: Snort detecting distributed syn floods ... TCP allows for reliable data ... But it doesn't guarantee reliable transport ... Just because a host has completed the 3whs does ... reliability of TCP is coded based on a set of valid assumptions! ... (Focus-IDS) Could this be implemented with an NDIS or TDI driver? ... asked to find out the feasability of creating a Windows client that ... * Sits above TCP/UDP, but below the applications ... Is able to write to disk all TCP or UDP traffic on selected ports ... Is able to pass selected TCP or UDP traffic to the host applications ... (microsoft.public.win32.programmer.kernel)

---

• Windows
• Science
• Usenet

• Archive
• About
• Privacy
• Search
• Imprint

www.tech-archive.net  > Archive  > ISA  > microsoft.public.isa.configuration  > 2006-05