TCP ack packet attack

Discussion in 'other firewalls' started by toploader, Oct 3, 2005.

Thread Status:
Not open for further replies.
  1. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    i've had kerio 2.1.5 running for a couple of months now and so far i've found it to be a good guard dog - anything trying to get out throws up an alert and online scans show it's running in stealth mode.

    the log file was empty for a long time - in fact i was starting to wonder if kerio logging function was working - then suddenly over the past couple of days i've been getting pages of TCP ack packet attack blocked messages - does anyone know why this has suddenly started happening? there are thousands of log entries? i'm running dial up.

    here's a logshot....
     

    Attached Files:

    • ack.jpg
    Last edited: Oct 3, 2005
  2. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    ah i remember now - i switched on "log suspicious packets" :D

    well i'm certainly getting lots of "suspicious packets" - the question is why?
     
  3. toploader

    toploader Registered Member

    Joined:
    Aug 19, 2005
    Posts:
    707
    it's ok i think i found the answer - apparently kerio has an issue with multiple connections. i've been fiddling around with different connection configs lately.
     
  4. Arup

    Arup Guest

    For a high number of multiple connections, have you tried increasing the buffer for the fw.sys registry entry?
     