#I'm guessing that the INTERNET-HOST has sent a RST packet back, MY-
#SERVER has closed down the connection, the PIX has cleared the
#connection mapping, but for some reason INTERNET-HOST has resent the
#RST packet as it did not receive a complete connection close sequence from
#MY-SERVER. Could be software on MY-SERVER playing up, difficult to tell
#from this.
First of all, a reset is just a reset. There is no connection
teardown, no acknowledgement, or anything other than the reset packet,
itself. Unless someone was doing some poor programming the Internet web
server should close a normal connection with a FIN packet and not a RST
packet. The FIN packet would trigger the normal FIN, ACK (client) and ACK
(server) packets to complete the connection teardown sequence. The first
thing to do is find out why you were getting a RST packet for part of a
valid connection. Since this is a web server it should be listening on
port 80. One scenario could be that a packet was late in arriving to the
web server. The web server and your client had already closed the
connection. This would have caused the connection to be taken out of the
state table on the PIX. The web server gets a packet that is not a SYN
and is not for a current connection so it sends a RST. The PIX does not
have that connection in the state table anymore so the RST is dropped. If
this really concerns you, set up a network sniffer on both sides of the PIX
and monitor an entire connection that this is happening with. This will give
you a lot better info than the normal PIX log file.
Regards,
Jeffery Gieser
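
The scenario described in the reply above, as an added example that is not part of the original message and is not PIX code: a toy state table that tracks one connection through FIN teardown and then sees a stray RST. The addresses, ports, class names and packet trace are constructed for illustration.

```python
# Toy stateful filter (illustration only, not how the PIX is implemented).
from dataclasses import dataclass, field

CLIENT, WEB = "10.0.0.5", "192.0.2.10"   # constructed addresses

@dataclass
class Conn:
    fins: set = field(default_factory=set)   # endpoints that have sent a FIN

class StateTable:
    def __init__(self, inside):
        self.inside = inside                 # protected host allowed to open connections
        self.conns = {}

    def process(self, pkt):
        src, sport, dst, dport, flags = pkt
        key = frozenset([(src, sport), (dst, dport)])   # same key for both directions
        conn = self.conns.get(key)
        if conn is None:
            if flags == {"SYN"} and src == self.inside:
                self.conns[key] = Conn()
                return "allow: new outbound connection"
            return "drop: no matching connection"
        if "RST" in flags:                   # a reset ends the connection at once
            del self.conns[key]
            return "allow: reset, state removed"
        if "FIN" in flags:
            conn.fins.add(src)
        elif len(conn.fins) == 2 and flags == {"ACK"}:
            del self.conns[key]              # both sides sent FIN, last ACK seen
            return "allow: final ACK, state removed"
        return "allow: established"

# Constructed trace as seen at the firewall. The client data packet passes the
# firewall in time but is assumed to reach the web server after the teardown.
TRACE = [
    (CLIENT, 40000, WEB, 80, {"SYN"}),
    (WEB, 80, CLIENT, 40000, {"SYN", "ACK"}),
    (CLIENT, 40000, WEB, 80, {"ACK"}),
    (CLIENT, 40000, WEB, 80, {"PSH", "ACK"}),   # delayed beyond the firewall
    (WEB, 80, CLIENT, 40000, {"FIN", "ACK"}),
    (CLIENT, 40000, WEB, 80, {"FIN", "ACK"}),
    (WEB, 80, CLIENT, 40000, {"ACK"}),          # teardown complete
    (WEB, 80, CLIENT, 40000, {"RST"}),          # server's answer to the late packet
]

def run_trace(trace=TRACE):
    table = StateTable(inside=CLIENT)
    return [table.process(p) for p in trace]

if __name__ == "__main__":
    for pkt, verdict in zip(TRACE, run_trace()):
        print(pkt[0], "->", pkt[2], sorted(pkt[4]), verdict)
```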