Re: Question about ack attack and Kerio Firewall


comp.security.firewalls archive

From: Kerodo <loopback@localhost.com>
Date: Wed Mar 29 2006 - 18:53:42 CEST

In article <l2ik22duvleop67il0ek8a9rmn3j71u6mt@4ax.com>, not@for.email
says...
> I'm using Kerio v2.1.5 and not the newer Sunbelt version. Looking at
> the log in Kerio I frequently see the following (abbreviated version);
>
> [Date/Time] Rule 'TCP ack packet attack': Blocked in TCP, (null) [IP
> address:80]->localhost:various ports, Owner: no owner
>
> I looked up ack attack and I'm thinking maybe Kerio is misinterpreting
> the traffic, or I am. It's always coming from TCP port 80 so is it
> just web traffic that is being blocked? I have a boat load of
> adservers etc. blocked in my Hosts file, could that be it?
>

I have heard that it's just nonsense and you should ignore it. Turn
that option off (log suspicious packets) and you won't see it anymore.

-- 
Kerodo
Received on Mon May 1 01:03:18 2006