3 Replies Latest reply on Jul 14, 2014 6:10 PM by sliedl

    Sidewinder not finding session for returning traffic

    fsiegfried

      Hello,

      i have a little trouble with the McAfee Sidewinder Firewall Version 7.01.03H09.

      Two weeks ago i have updated our Cluster from Version 7.01.02E147 to the previous mentioned version.

      Since then i have the following problem:

      I start a connection on a specific Port (e.g. 80), but the return traffic is not recoginzed by the firewall and i see the following message in the audit.

       

      event: TCP malformed netprobe srcip: x.x.x.x srcport: 80

      srcburb: burbx dstip: x.x.x.x dstport: 46170 protocol: 6

      interface: vlanx

      reason: Received a TCP packet on a port with no listening service.  The packet also did not have the SYN flag set.  This is a scanning attack indication.

       

      I keep getting about 4000 of this messages per hour, and it started after the firmwareupdate.

      I already tried to find something about this issue in the KB-Articles, but without any success.

      Hopefully somebody here can help me.

       

      Thanks in advance

       

      Florian