cancel
Showing results for 
Search instead for 
Did you mean: 
Create a Post
Tim_Bernat
Nickel

'Invalid segment retransmission. Packet dropped.'

Jump to solution

Hi All, 

we have a client not able to connect to an FTP server. The connection goes through the internal firewall and then gets dropped by our external CP (80.10). The sync packet is okay, but then it is actually dropped by the same rule that should be allowing it with the 'Invalid segment retransmission. Packet dropped.' comment. Please see the below screen.

We initially thought it was down to the application (FileZilla), but it seems it's the same, for example, from win command line. 

Thank you for any comments. 

0 Kudos
1 Solution

Accepted Solutions
Tim_Bernat
Nickel

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

I ended up putting an Exception in the the Inspection Settings for 'Invalid TCP Retransmission'  to get this fixed. Not a problem, but don't understand why it was seeing the traffic as a threat in the first place. 

0 Kudos
9 Replies
Admin
Admin

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

If you open one of those log entries, does it reference an SK?

These Inspection Settings may be relevant also:

0 Kudos
Tim_Bernat
Nickel

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

Thank Dameon,

sorry about replying late; it got quite hectic I was then off for some time. 

No SK, I get: 

'SmartDefense Services

An advisory for this issue is yet to be published. The information will be updated soon.'

Looking at the settings, we have this set to 'Drop' on all profiles, as recommended by CP:

 

This morning I have put a device behind the CP firewall directly on the Internet and had no problems with any FTP commands (FTP passive-mode).  

Apparently this was last used back in May, so we don't know when it stopped working. We have since moved from R77.30 to R80.10 but no access rules have been changed.

Thanks, Tim

0 Kudos
Tim_Bernat
Nickel

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

I ended up putting an Exception in the the Inspection Settings for 'Invalid TCP Retransmission'  to get this fixed. Not a problem, but don't understand why it was seeing the traffic as a threat in the first place. 

0 Kudos
Admin
Admin

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

For that we’d probably need a TAC case with packet captures of the relevant traffic.

B_P
Nickel

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

We got this too, but per sk98081, disabling TCP Invalid Retransmission is something "highly recommended" not to do.

Blocking stuff without any real explanation on why is Check Point's M.O. --

https://threatpoint.checkpoint.com/ThreatPortal/threat?threatType=protection&threatId=tcp_block_retr...

http://www.checkpoint.com/sdadvisories/redirector.htm?attackId=Streaming+Engine:+TCP+Invalid+Retrans....

0 Kudos
Employee
Employee

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

Just to clarify, did it drop specific packets but the connectivity remained and some packet still passed? Or from certain point all packets were dropped causing connectivity issue?

0 Kudos
B_P
Nickel

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

All packets are dropped.. multiple unrelated websites are not loading because of this.

0 Kudos
Highlighted
Federico-M
Copper

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution

Hello,

Yesterday we migrated one member of one a cluster from R80.10 to R80.30 and an one of the internal applications that has been working for years without issue (Through R77.30 and R80.10) stopped working, no changes were made in the application.

After debugging we found that the packets were dropped by the signature from this post: TCP Invalid Retransmission, we fixed the issue by making an exception in the corresponding signature.

Regards,

 

Re: 'Invalid segment retransmission. Packet dropped.'

Jump to solution
We had the same problem upgraded from R80.20 to R80.30 and had application stop working (internal app) TCP Invalid Retransmission.
0 Kudos