Security Incidents mailing list archives
Re: Recon from Pakistan
From: JNelson () CMCCONTROLS COM (CL: Nelson, Jeff)
Date: Thu, 2 Mar 2000 08:48:43 -0500
Just a follow-up to my earlier post. I've spoken with the Cisco TAC.
Feb 28 16:11:48 [5.5.5.243] %PIX-7-106011: Deny self route tcp src
outside:63.70.25.75/2666 dst outside:1.1.1.43/111 This line is an attempt from the outside to connect to an external address that does not exist on the PIX because no connection has been built for an internally initiated session that uses that address. Meaning, 1.1.1.43 isn't being used (NAT) at the moment.
Feb 28 16:38:00 [5.5.5.243] %PIX-2-106001: Inbound TCP connection denied
from 63.70.25.75/2666 to 5.5.5.219/111 flags SYN This line is seen when an outside source initiates a connection to an IP address (NAT) that is being used for a session that is currently in progress. The PIX uses the internal address for the established connection in the syslog. If this is confusing to anybody, just email me direct. I don't want to get into deciphering PIX syslog on the list. However, since I posted the original question, I thought I would also post the answer as well for closure. Cheers, Jeff
<<<<<<<<<<<<<<<<<<<<<<<<<<
Jeffrey L. Nelson | Cleveland Motion Controls Network Manager | 7550 Hub Parkway | Cleveland, Ohio 44125 jnelson () cmccontrols com | 216-642-5147
<<<<<<<<<<<<<<<<<<<<<<<<<<
Current thread:
- Recon from Pakistan CL: Nelson, Jeff (Feb 29)
- <Possible follow-ups>
- Re: Recon from Pakistan CL: Nelson, Jeff (Mar 02)