Question : A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer

I'm getting the Log below every 50 seconds on my Forefront TMG Server, strangely enough, the "attakers" ip resolves to Experts Exchange!

I trust EE isn't doing anything strange, but, out of interest, what is going on??? I don't have that many alerts setup on EE...

Denied Connection ****-TMG 17/06/2010 20:38:48
Log type: Firewall service
Status: A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer.  
Rule: None - see Result Code
Source: External (64.156.132.245:55986)
Destination: Local Host (*.*.*.*:25)
Protocol: SMTP
 Additional information
Number of bytes sent: 0 Number of bytes received: 0
Processing time: 0ms Original Client IP: 64.156.132.245

Answer : A non-SYN packet was dropped because it was sent by a source that does not have an established connection with the Forefront TMG computer

It would be good to see exactly what the packet is.

But is is likely that experts exchange was sending an email to you when your end perceived the session to be complete, whereas e-e's email server hadn't finished yet.  

For example, if your email server sent a FIN, before the FIN-ACK arrived from e-e, TMG cleared the session from its state table, once the FIN-ACK actually arrived it didn't have a matching entry in the state table and so discarded the packet with the above error.

So you say every 50 seconds - for how long has this been going on?  It would probably retry for a bit and then give up.
Random Solutions  
 
programming4us programming4us