Deny TCP Reverse Path Check

Jan 11th, 2008

I have a pix 506E and I get ~ 20 /sec of these messages. The message is Deny tcp src dst inside:yyy.yyy.yyy.yyy/25 by access-group "OUTSIDE_ACCESS_IN"

Where yyy.yyy.yyy.yyy is my webserver. I realize that this means it's being blocked, but it's becoming a DoS due to the high number. They are coming from many different external IP addresses.

gfullage Sun, 01/13/2008 - 21:57
Cisco Employee

Syslog message 106023 simply indicates that the firewall has denied a packet based on the src/dest in the syslog itself.

What I would be asking is why are so many different external servers trying to send email (TCP/25) to my web server? Is your web server an email server as well? Is your web server listed with an MX entry in DNS for your domain? If so, why are you not allowing other mail servers to send email to it?
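The 106023 lines discussed above can be parsed and aggregated to show whether the denies come from one flooding source or from many distinct senders, which is the question the analyst has to answer before deciding whether this is a scan, a misdirected mail relay, or a DoS. This is an added Python example, not part of the original thread or of Cisco's tooling; the sample log lines, the timestamp prefix, and the addresses are constructed from the message layout quoted in the question.

```python
import re
from collections import Counter
from datetime import datetime

# Constructed sample syslog lines in the PIX/ASA 106023 layout (addresses are from
# documentation ranges); one unrelated 302013 line is included as noise.
SAMPLE_LOG = """\
Jan 11 2008 10:00:00 pix : %PIX-4-106023: Deny tcp src outside:203.0.113.5/41234 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:00:00 pix : %PIX-4-106023: Deny tcp src outside:198.51.100.77/52010 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:00:01 pix : %PIX-6-302013: Built inbound TCP connection 12345 for outside:198.51.100.20/3321 (198.51.100.20/3321) to inside:192.0.2.10/80 (192.0.2.10/80)
Jan 11 2008 10:00:01 pix : %PIX-4-106023: Deny tcp src outside:203.0.113.5/41235 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:00:02 pix : %PIX-4-106023: Deny tcp src outside:203.0.113.99/60000 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:00:02 pix : %PIX-4-106023: Deny udp src outside:203.0.113.42/5060 dst inside:192.0.2.10/161 by access-group "OUTSIDE_ACCESS_IN"
"""

TS_RE = re.compile(r"^(\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2})")  # assumed timestamp prefix
DENY_RE = re.compile(
    r"%(?:PIX|ASA)-4-106023: Deny (?P<proto>\w+) "
    r"src (?P<src_if>\w+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>\w+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+) "
    r'by access-group "(?P<acl>[^"]+)"')

def parse_denies(log_text):
    """Return one dict per 106023 line; lines with other syslog IDs are skipped."""
    events = []
    for line in log_text.splitlines():
        m, ts = DENY_RE.search(line), TS_RE.match(line)
        if not (m and ts):
            continue
        ev = m.groupdict()
        ev["ts"] = datetime.strptime(ts.group(1), "%b %d %Y %H:%M:%S")
        ev["src_port"], ev["dst_port"] = int(ev["src_port"]), int(ev["dst_port"])
        events.append(ev)
    return events

def summarize(events, dst_ip, dst_port):
    """Rate and source spread of denies towards one host/port: a few sources with
    many hits each is a flood; many sources with few hits each is a wide scan."""
    hits = [e for e in events if e["dst_ip"] == dst_ip and e["dst_port"] == dst_port]
    if not hits:
        return None
    span = (max(e["ts"] for e in hits) - min(e["ts"] for e in hits)).total_seconds()
    sources = Counter(e["src_ip"] for e in hits)
    return {
        "count": len(hits),
        "unique_sources": len(sources),
        "rate_per_sec": len(hits) / max(span, 1.0),  # avoid divide-by-zero on a 1s burst
        "top_sources": sources.most_common(3),
        "spread": "distributed" if len(sources) > len(hits) / 2 else "concentrated",
    }
```

Feeding the real syslog export into `parse_denies` and calling `summarize(events, "<webserver>", 25)` gives the per-second rate and the top talkers to put in an abuse report.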

chris unger Mon, 01/14/2008 - 09:10

Thank you for the response.

My web server is not an email server, our external DNS MX record doesn't point to the webserver. The only traffic allowed by my ACL is port 80.

I feel that we are being attacked, and I have tried tracing the IP addresses and reporting them, but so far I haven't succeeded with any.
