[c-nsp] TCP Reset
Peter Rathlev
peter at rathlev.dk
Wed May 20 04:03:43 EDT 2009
On Wed, 2009-05-20 at 10:15 +0530, Hitesh Vinzoda wrote:
> I m facing a problem from some clients behaving suspiciously when they
> telnet to squid proxy. ( 10.4.188.180)
>
> After TCP Syn request by client the server is responding with RST.
>
> Wireshark logs from client is attached. Comments are invited for this case.
And the server is really listening on that port? I assume "http-alt" is
8080/tcp, and Squid normally listens on 3128/tcp.
What does a wireshark dump on the server tell you?
The only thing that comes to mind apart from the port-issue would be
that Cisco PIX/ASA/FWSM firewalls will actually reject an ACL denied
connection from "inside" (higher security level) with a TCP RST.
Regards,
Peter
More information about the cisco-nsp
mailing list