IPv6 Proxies: Unsolicited TCP:R from upstream ISP device.

Tuesday, November 9, 2021

Unsolicited TCP:R from upstream ISP device.

I'm hoping to get some insight as to why an upstream ISP device (10.9.0.34) is sending TCP:R to some connections. They are currently being dropped by a stateful firewall.

4911 2021-11-09 22:06:39.282325 MY_WAN_IP PUBLIC_IP TCP 74 22896 → 56184 [SYN] Seq=0 Win=65535 Len=0 MSS=1460 SACK_PERM=1 TSval=2766267974 TSecr=0 WS=512 4924 2021-11-09 22:06:39.452079 PUBLIC_IP MY_WAN_IP TCP 74 56184 → 22896 [SYN, ACK] Seq=0 Ack=1 Win=65160 Len=0 MSS=1358 SACK_PERM=1 TSval=2169412418 TSecr=2766267974 WS=128 4925 2021-11-09 22:06:39.452276 MY_WAN_IP PUBLIC_IP TCP 66 22896 → 56184 [ACK] Seq=1 Ack=1 Win=65536 Len=0 TSval=2766268144 TSecr=2169412418 4927 2021-11-09 22:06:39.456919 MY_WAN_IP PUBLIC_IP TCP 285 22896 → 56184 [PSH, ACK] Seq=1 Ack=1 Win=65536 Len=219 TSval=2766268149 TSecr=2169412418 4946 2021-11-09 22:06:39.625135 PUBLIC_IP MY_WAN_IP TCP 66 56184 → 22896 [ACK] Seq=1 Ack=220 Win=65024 Len=0 TSval=2169412592 TSecr=2766268149 4983 2021-11-09 22:06:40.096402 PUBLIC_IP MY_WAN_IP TCP 567 56184 → 22896 [PSH, ACK] Seq=1 Ack=220 Win=65024 Len=501 TSval=2169413058 TSecr=2766268149 4984 2021-11-09 22:06:40.096716 MY_WAN_IP PUBLIC_IP TCP 66 22896 → 56184 [ACK] Seq=220 Ack=502 Win=67072 Len=0 TSval=2766268789 TSecr=2169413058 4985 2021-11-09 22:06:40.101459 MY_WAN_IP PUBLIC_IP TCP 276 22896 → 56184 [PSH, ACK] Seq=220 Ack=502 Win=67072 Len=210 TSval=2766268794 TSecr=2169413058 5017 2021-11-09 22:06:40.269929 PUBLIC_IP MY_WAN_IP TCP 66 56184 → 22896 [ACK] Seq=502 Ack=430 Win=64896 Len=0 TSval=2169413238 TSecr=2766268794 5018 2021-11-09 22:06:40.270163 MY_WAN_IP PUBLIC_IP TCP 134 22896 → 56184 [PSH, ACK] Seq=430 Ack=502 Win=67072 Len=68 TSval=2766268962 TSecr=2169413238 5019 2021-11-09 22:06:40.271118 PUBLIC_IP MY_WAN_IP TCP 66 56184 → 22896 [FIN, ACK] Seq=502 Ack=430 Win=64896 Len=0 TSval=2169413238 TSecr=2766268794 5020 2021-11-09 22:06:40.271295 MY_WAN_IP PUBLIC_IP TCP 66 22896 → 56184 [FIN, ACK] Seq=498 Ack=503 Win=67072 Len=0 TSval=2766268963 TSecr=2169413238 5039 2021-11-09 22:06:40.439240 10.9.0.34 MY_WAN_IP TCP 60 56184 → 22896 [RST] Seq=1 Win=0 Len=0 5041 2021-11-09 22:06:40.443392 PUBLIC_IP MY_WAN_IP TCP 60 56184 → 22896 [RST] Seq=503 Win=0 Len=0

IPv6 Proxies

Tuesday, November 9, 2021

Unsolicited TCP:R from upstream ISP device.

No comments:

Post a Comment

Popular Posts