why is this an invalid packet

I am logging the dropped invalid packets by my iptables script. I get
quite a bit in my log file (a few lines every hour):

Jan 25 15:24:29 red kernel: Invalid Outgoing IN= OUT=eth0
SRC=192.168.0.2 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=64
ID=306 DF PROTO=TCP SPT=44797 DPT=80 WINDOW=25884 RES=0x00 ACK PSH FIN
URGP=0

How can I determine why this packet was determined to be invalide. The
rule to check invalid state comes after the rules allowing lo traffic
and allowing packtes related to realplayer.

Thanks,
->HS


--
Please remove the underscores ( the '_' symbols) from my email address
to obtain the correct one. Apologies, but the fudging is to remove spam.

H. S. wrote:
>
> I am logging the dropped invalid packets by my iptables script. I get
> quite a bit in my log file (a few lines every hour):
>
> Jan 25 15:24:29 red kernel: Invalid Outgoing IN= OUT=eth0
> SRC=192.168.0.2 DST=194.109.137.218 LEN=52 TOS=0x00 PREC=0x00 TTL=64
> ID=306 DF PROTO=TCP SPT=44797 DPT=80 WINDOW=25884 RES=0x00 ACK PSH FIN
> URGP=0
>
> How can I determine why this packet was determined to be invalide. The
> rule to check invalid state comes after the rules allowing lo traffic
> and allowing packtes related to realplayer.
>
> Thanks,
> ->HS

It could be because of the combination of TCP flags. Maybe your
firewall it's denying it.

Regards.

--

Jose Maria Lopez Hernandez
Director Tecnico de bgSEC
(E-Mail Removed)
bgSEC Seguridad y Consultoria de Sistemas Informaticos
http://www.bgsec.com
ESPAÑA

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
-- Jack Kerouac, "On the Road"