'Re: help with log entries'

[prev in list] [next in list] [prev in thread] [next in thread] 

List:       security-basics
Subject:    Re: help  with log entries
From:       "David M. Fetter" <david.fetter () fetterconsulting ! com>
Date:       2003-02-28 2:29:28
[Download RAW message or body]

It looks like those external ip addresses are being denied by your 
firewall to connect to the inside.  All the from ports are 110 which is 
pop email, so it's almost like those people are trying to send relay 
traffic or something over your connection, but again it's being denied.

aduenas@skytel.com.co wrote:
> Hi,
> 
> I am getting some confusing log entries from my Cisco Pix firewall. At
> first I thought that it was a network problem but I don't have any other
> evidence to support that assumption.
> 
> The log entries look like this. Destination IP addresses changed....
> 
> Feb 26 15:32:49 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3782 flags RST ACK  on interface outside
> Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3783 flags RST PSH ACK  on interface 
> outside
> Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 200.24.76.3/110 to a.b.c.d/3796 flags RST ACK  on interface outside
> Feb 26 15:32:51 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 200.24.76.8/110 to a.b.c.d/3768 flags RST ACK  on interface outside
> Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 66.35.250.206/59231 to 10.10.10.4/25 flags RST  on interface outside
> Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 66.35.250.206/59231 to 10.10.10.4/25 flags RST  on interface outside
> Feb 26 15:33:04 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 66.35.250.206/59231 to 10.10.10.4/25 flags RST PSH ACK  on interface 
> inside
> Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3843 flags RST ACK  on interface outside
> Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3845 flags RST ACK  on interface outside
> Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3847 flags RST ACK  on interface outside
> Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 161.58.238.151/110 to a.b.c.d/3846 flags RST ACK  on interface outside
> Feb 26 15:33:48 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 200.24.76.8/110 to a.b.c.d/3830 flags RST ACK  on interface outside
> Feb 26 15:33:51 firewall %PIX-6-106015: Deny TCP (no connection) from 
> 200.24.76.3/110 to a.b.c.d/3860 flags RST ACK  on interface outside
> 
> If anyone has any clues or suggestions I would be most grateful!
> 
> 
> 
> 
> 


-- 
David M. Fetter - http://www.fetterconsulting.com/

"The world is full of power and energy and a person can go far by just 
skimming off a tiny bit of it." Neal Stephenson - Snow Crash

[prev in list] [next in list] [prev in thread] [next in thread]
Configure | About | News | Add a list | Sponsored by KoreLogic