help with log entries
From: aduenas@skytel.com.co
Date: 02/26/03
- Previous message: Vlad Tsyrklevich: "Re: Download Managers"
- In reply to: Dina Kamal: "Re: Cisco PIX ip audit command"
- Next in thread: David Gillett: "RE: help with log entries"
- Reply: David Gillett: "RE: help with log entries"
- Reply: David M. Fetter: "Re: help with log entries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
From: aduenas@skytel.com.co Date: Wed, 26 Feb 2003 20:52:57 GMT To: security-basics@securityfocus.com
Hi,
I am getting some confusing log entries from my Cisco Pix firewall. At
first I thought that it was a network problem but I don't have any other
evidence to support that assumption.
The log entries look like this. Destination IP addresses changed....
Feb 26 15:32:49 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3782 flags RST ACK on interface outside
Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3783 flags RST PSH ACK on interface
outside
Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from
200.24.76.3/110 to a.b.c.d/3796 flags RST ACK on interface outside
Feb 26 15:32:51 firewall %PIX-6-106015: Deny TCP (no connection) from
200.24.76.8/110 to a.b.c.d/3768 flags RST ACK on interface outside
Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from
66.35.250.206/59231 to 10.10.10.4/25 flags RST on interface outside
Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from
66.35.250.206/59231 to 10.10.10.4/25 flags RST on interface outside
Feb 26 15:33:04 firewall %PIX-6-106015: Deny TCP (no connection) from
66.35.250.206/59231 to 10.10.10.4/25 flags RST PSH ACK on interface
inside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3843 flags RST ACK on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3845 flags RST ACK on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3847 flags RST ACK on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from
161.58.238.151/110 to a.b.c.d/3846 flags RST ACK on interface outside
Feb 26 15:33:48 firewall %PIX-6-106015: Deny TCP (no connection) from
200.24.76.8/110 to a.b.c.d/3830 flags RST ACK on interface outside
Feb 26 15:33:51 firewall %PIX-6-106015: Deny TCP (no connection) from
200.24.76.3/110 to a.b.c.d/3860 flags RST ACK on interface outside
If anyone has any clues or suggestions I would be most grateful!
- Next message: Leo Security: "Re: Download Managers"
- Previous message: Vlad Tsyrklevich: "Re: Download Managers"
- In reply to: Dina Kamal: "Re: Cisco PIX ip audit command"
- Next in thread: David Gillett: "RE: help with log entries"
- Reply: David Gillett: "RE: help with log entries"
- Reply: David M. Fetter: "Re: help with log entries"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Relevant Pages
|
