PIX Syslogs errors

Unanswered Question
Oct 30th, 2007

I have a PIX 515E with 2 interfaces, inside and outside; I have PAT from inside to outside and NAT from outside to inside.

I have installed Cisco ASDM. When I monitor the syslog status and dropped packet rates I find that the ACL drop packet rate is very high, and I have too many syslog messages for the following errors.

1 Oct 30 2007 11:57:32 106021 10.3.10.4 17.254.0.31 Deny UDP reverse path check from 10.3.10.4 to 17.254.0.31 on interface inside

4 Oct 30 2007 11:35:56 106023 218.174.106.1 82.178.21.28 Deny udp src outside:218.174.106.1/27753 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]

4 Oct 30 2007 11:35:55 106023 60.237.167.133 82.178.21.28 Deny udp src outside:60.237.167.133/7348 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]

4 Oct 30 2007 11:35:55 106023 222.77.116.18 82.178.21.28 Deny udp src outside:222.77.116.18/49154 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]

How do I solve it?

jaravinthan Tue, 10/30/2007 - 05:49

Hi,

As long as your device is blocking these port scanning/reconnaissance attempts, it means it's working as it should.

The first log message is how the device responds to or protects against spoofing attempts using Unicast RPF (Reverse Path Forwarding).

This will appear if you have the command "ip verify reverse-path" enabled.

The other logs are attempts to connect to the public IP you have, 82.178.21.28, on port 1076. These can be ignored as long as it blocks them.

If you do not want an entry added for this message you can give "no logging 106023".
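Rather than silencing 106023 outright, a defender can keep the messages and triage them by message ID, target port and uRPF interface. The following is an added example (not code from the original post or from Cisco): it parses the ASDM log-viewer lines quoted in the question (constructed copies embedded below) and summarises which inside hosts trip the reverse-path check and which public IP/port pairs absorb the ACL denies.

```python
import re
from collections import Counter

# Constructed sample in the ASDM "Real-Time Log Viewer" layout seen in the question:
# severity, timestamp, message ID, source, destination, message text.
SAMPLE_LOG = """\
1 Oct 30 2007 11:57:32 106021 10.3.10.4 17.254.0.31 Deny UDP reverse path check from 10.3.10.4 to 17.254.0.31 on interface inside
4 Oct 30 2007 11:35:56 106023 218.174.106.1 82.178.21.28 Deny udp src outside:218.174.106.1/27753 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]
4 Oct 30 2007 11:35:55 106023 60.237.167.133 82.178.21.28 Deny udp src outside:60.237.167.133/7348 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]
4 Oct 30 2007 11:35:55 106023 222.77.116.18 82.178.21.28 Deny udp src outside:222.77.116.18/49154 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]
"""

# Common prefix: severity digit, timestamp, six-digit message ID, src, dst, then the text.
HEADER = re.compile(r"^(?P<sev>\d)\s+(?P<ts>\w{3} \d{1,2} \d{4} \d\d:\d\d:\d\d)\s+"
                    r"(?P<msgid>\d{6})\s+\S+\s+\S+\s+(?P<text>.*)$")
# %PIX-1-106021: unicast RPF drop (packet arrived on 'iface' with a source not routed via it).
RPF = re.compile(r"Deny (?P<proto>\w+) reverse path check from (?P<src>\S+) to (?P<dst>\S+) "
                 r"on interface (?P<iface>\w+)")
# %PIX-4-106023: packet denied by an interface access-group.
ACL = re.compile(r"Deny (?P<proto>\w+) src (?P<sif>\w+):(?P<src>[\d.]+)/(?P<sport>\d+) "
                 r"dst (?P<dif>\w+):(?P<dst>[\d.]+)/(?P<dport>\d+) by access-group \"(?P<acl>[^\"]+)\"")

def parse_line(line):
    """Return a dict describing one deny event, or None if the line is not a 106021/106023 entry."""
    m = HEADER.match(line.strip())
    if not m:
        return None
    ev = {"msgid": m["msgid"], "severity": int(m["sev"]), "ts": m["ts"]}
    pattern = {"106021": RPF, "106023": ACL}.get(ev["msgid"])
    if pattern is None:
        return None
    d = pattern.search(m["text"])
    if not d:
        return None
    ev.update(d.groupdict())
    return ev

def summarize(log_text):
    """Aggregate deny events so noise (scans against one public port) is separated from
    uRPF drops, which point at an inside host that is spoofing or is missing a route."""
    events = [e for e in (parse_line(l) for l in log_text.splitlines()) if e]
    return {
        "by_msgid": Counter(e["msgid"] for e in events),
        # (public IP, port) pairs hit by ACL denies: high counts on one pair are scan/backscatter noise
        "acl_targets": Counter((e["dst"], e["dport"]) for e in events if e["msgid"] == "106023"),
        # inside sources failing the reverse-path check: each one deserves a look at its routing
        "rpf_inside_sources": sorted({e["src"] for e in events
                                      if e["msgid"] == "106021" and e["iface"] == "inside"}),
    }
```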
