Posted: 5/26/2009 10:09:45 AM EDT
|
Everytime I surf arfcom, my home router/firewall logs similar connections. Thoughts? I can understand the port 80 traffic, possibly the firewall is seeing it backwards. But the other stuff? Anyone else see this?
[INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2122 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2120 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2131 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2141 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2143 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2128 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:51 2009 Blocked incoming TCP packet from 69.95.2.66:80 to myipaddress:2134 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:53 to myipaddress:2145 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:52 to myipaddress:2140 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:43 to myipaddress:2125 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:44 to myipaddress:2133 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:42 to myipaddress:2130 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:39 to myipaddress:2138 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:37 to myipaddress:2127 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:36 to myipaddress:2123 as RST:ACK received but there is no active connection [INFO] Tue May 26 12:56:49 2009 Blocked incoming TCP packet from 69.95.2.66:35 to myipaddress:2136 as RST:ACK received but there is no active connection |
|
Ok doing a bit of looking about your routers features it uses a stateful firewall, known as an SPI firewall. The ip address you are seeing that is coming from port 80 is from ar15.com.
A stateful firewall will keep track of outbound connections and only allow incoming sessions if it sees an active session that has left the router. The reason you are seeing different ports is that when sending out http requests, the first available port in a range of non-registered ports is utilized, thus the port on your computer is never sending http requests on the same port each time, each session will utilize a different port. For whatever reason the firewall is stating that the connection is inactive by the time return traffic is getting back to the router. If you are not experiencing page loading issues, it could be a routing loop issue and receiving duplicate packets. The router is still getting the requested packet for that session back, but if it gets it again that session is already complete and it is seeing unrequested traffic and dropping the packets. Another possibility is a glitch in the firewall dropping packets because for some reason it is either not maintaining the active connection database or because it is not maintaining the sessions in the database for long enough. Hope that helps to clarify your issue. There could be other things causing it to display that message, but off the top of my head those seem to be the most probable causes for your firewall log messages. ETA: The RST/ACK is indicating that the firewall has received the packet and acknowledges the packet but the port is closed (Reset/RST portion of the RST/ACK statement) |