help with log entries

From: aduenas@skytel.com.co
Date: 02/26/03

  • Next message: Leo Security: "Re: Download Managers"
    From: aduenas@skytel.com.co
    Date: Wed, 26 Feb 2003 20:52:57 GMT
    To: security-basics@securityfocus.com
    
    

    Hi,

    I am getting some confusing log entries from my Cisco Pix firewall. At
    first I thought that it was a network problem but I don't have any other
    evidence to support that assumption.

    The log entries look like this. Destination IP addresses changed....

    Feb 26 15:32:49 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3782 flags RST ACK on interface outside
    Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3783 flags RST PSH ACK on interface
    outside
    Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from
    200.24.76.3/110 to a.b.c.d/3796 flags RST ACK on interface outside
    Feb 26 15:32:51 firewall %PIX-6-106015: Deny TCP (no connection) from
    200.24.76.8/110 to a.b.c.d/3768 flags RST ACK on interface outside
    Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from
    66.35.250.206/59231 to 10.10.10.4/25 flags RST on interface outside
    Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from
    66.35.250.206/59231 to 10.10.10.4/25 flags RST on interface outside
    Feb 26 15:33:04 firewall %PIX-6-106015: Deny TCP (no connection) from
    66.35.250.206/59231 to 10.10.10.4/25 flags RST PSH ACK on interface
    inside
    Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3843 flags RST ACK on interface outside
    Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3845 flags RST ACK on interface outside
    Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3847 flags RST ACK on interface outside
    Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
    161.58.238.151/110 to a.b.c.d/3846 flags RST ACK on interface outside
    Feb 26 15:33:48 firewall %PIX-6-106015: Deny TCP (no connection) from
    200.24.76.8/110 to a.b.c.d/3830 flags RST ACK on interface outside
    Feb 26 15:33:51 firewall %PIX-6-106015: Deny TCP (no connection) from
    200.24.76.3/110 to a.b.c.d/3860 flags RST ACK on interface outside

    If anyone has any clues or suggestions I would be most grateful!



    Relevant Pages

    • Re: help with log entries
      ... > I am getting some confusing log entries from my Cisco Pix firewall. ... > 161.58.238.151/110 to a.b.c.d/3782 flags RST ACK on interface outside ... > 66.35.250.206/59231 to 10.10.10.4/25 flags RST PSH ACK on interface ...
      (Security-Basics)
    • RE: help with log entries
      ... Port 110 is used by the POP3 email protocol. ... connection, ... > 161.58.238.151/110 to a.b.c.d/3782 flags RST ACK on interface outside ...
      (Security-Basics)
    • avahi logging "Invalid legacy unicast query packet" my config?
      ... I'm curious about the following log entries: ... source port 46404 on interface 'eth0.0' ... Didn't find much about them in the archives of this list. ...
      (Fedora)