I have two networks::
192.168.1.0/24
192.168.50.0/24. There are several Cisco switches in this network.
Networks are bidirectionally connected via OpenVPN on an Asus RT-AX68U fw. 386.7_2 router. There is a server (Smart Home) on the network 192.168.50.47. Another network has a disabled media-player 192.168.1.14.
I see a lot of messages in the logs of the Cisco switch:
in relation to the ports of the Asus router.
Analyzing the logs
I see 12 (+-1) permanent TCP SYN_SENT connections from 192.168.50.47 to 192.168.1.14:9529".
At the same time, there are no such requests from server to the host:
Question: where does the constant TCP SYN_SENT come from on the Asus router?
P.S.
I am not suggesting that these two problems are related. Perhaps this is a coincidence.
192.168.1.0/24
192.168.50.0/24. There are several Cisco switches in this network.
Networks are bidirectionally connected via OpenVPN on an Asus RT-AX68U fw. 386.7_2 router. There is a server (Smart Home) on the network 192.168.50.47. Another network has a disabled media-player 192.168.1.14.
I see a lot of messages in the logs of the Cisco switch:
Code:
A TCP SYN Attack was identified on port gi10. TCP SYN traffic destined to the local system is automatically blocked for 60 secondsAnalyzing the logs
Code:
router# netstat-nat | grep 'SYN_SENT'At the same time, there are no such requests from server to the host:
Code:
server$ netstat -na | grep '192.168.1.14'Question: where does the constant TCP SYN_SENT come from on the Asus router?
P.S.
I am not suggesting that these two problems are related. Perhaps this is a coincidence.
