kj
Fri May 09 10:48:24 PDT 2008
Ringo wrote:
> On May 9, 12:09 pm, "Frank McCallister SBS MVP" <anonymous> wrote:
>> If it were me I would change the NIC card. Time is money and NICs are
>> cheaper than troubleshooting an Intermittent problem
>>
>> --
>> Frank McCallister SBS MVP
>> MCP Microsoft Small Business Specialist
>> COMPUMAC
>>
>> "Ringo" <RingoEnglew...@gmail.com> wrote in message
>>
>> news:21f2af34-5fc0-4861-a328-22412060a49d@x41g2000hsb.googlegroups.com...
>>
>>
>>
>>> Hi All,
>>
>>> One workstation in the entire office of 30 computers gets
>>> disconnected from the network randomly....some weeks there is no
>>> problem, then suddenly it cannot make a connection back to the
>>> server. When I check the ISA logs, I get the follow Denied
>>> Connection errors:
>>
>>> Denied Connection SERVER 5/9/2008 11:04:21 AM
>>> Log type: Firewall service
>>> Status: A TCP packet was rejected because it has an invalid sequence
>>> number or an invalid acknowledgement number.
>>> Rule:
>>> Source: Local Host ( 192.168.16.2:5037)
>>> Destination: VPN Clients ( 192.168.16.26:1212)
>>> Protocol: Unidentified IP Traffic (TCP:1212)
>>
>>> Does anyone know of a fix for this problem? I checked the cat 6 line
>>> and it tested perfectly. This is so confusing me. Thanks!
>>
>>> Ringo- Hide quoted text -
>>
>> - Show quoted text -
>
> So does the errors reporting in ISA mean that the network connection
> is faulty? I already swapped out the motherboard (with integrated
> NIC) with no success.
>
> Ringo
Get a good virus / trojan /malware scan on that computer. Sequence number
problems might indicate a man in the middle attack,
http://www.auditmypc.com/port/tcp-port-1212.asp
http://www.citi.umich.edu/u/provos/papers/secnet-spoof.txt
Remember that the ethernet frame checksum must match or the frame will be
discarded long before the sequence number is checked. A bad nic or low level
net problem usually shows up with checksum errors not sequence number
problems.
--
/kj