Deny TCP Reverse Path Check

Unanswered Question
Jan 11th, 2008

I have a PIX 506E and I get ~20/sec of these messages. The message is Deny tcp src outside:xxx.xxx.xxx.xxx/29977 dst inside:yyy.yyy.yyy.yyy/25 by access-group "OUTSIDE_ACCESS_IN"

Where yyy.yyy.yyy.yyy is my webserver. I realize that this means it's being blocked, but it's becoming a DoS due to the high number. They are coming from many different external IP addresses.

gfullage Sun, 01/13/2008 - 21:57

Syslog message 106023 simply indicates that the firewall has denied a packet based on the src/dest in the syslog itself.

What I would be asking is why are so many different external servers trying to send email (TCP/25) to my web server? Is your web server an email server as well? Is your web server listed with an MX entry in DNS for your domain? If so, why are you not allowing other mail servers to send email to it?

chris unger Mon, 01/14/2008 - 09:10

Thank you for the response.

My web server is not an email server, and our external DNS MX record doesn't point to the webserver. The only traffic allowed by my ACL is port 80.

I feel that we are being attacked, and I have tried tracing the IP addresses and reporting them, but so far I haven't succeeded with any.
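
An added example, not part of the original thread: a Python sketch that groups 106023 deny messages like the one quoted above by destination address and port, then reports volume, rate and distinct sources, so the flood can be characterised before reporting it. The timestamp prefix, the addresses and the sample lines are constructed assumptions.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Constructed sample lines (documentation-range addresses); the timestamp
# prefix is an assumed format, adjust the pattern to your syslog collector.
SAMPLE_LOG = """\
Jan 11 2008 10:15:01: %PIX-4-106023: Deny tcp src outside:198.51.100.7/29977 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:01: %PIX-4-106023: Deny tcp src outside:203.0.113.20/41022 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:02: %PIX-4-106023: Deny tcp src outside:198.51.100.7/29978 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:02: %PIX-4-106023: Deny tcp src outside:203.0.113.45/50311 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:03: %PIX-4-106023: Deny tcp src outside:198.51.100.99/1044 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:03: %PIX-4-106023: Deny tcp src outside:203.0.113.20/41023 dst inside:192.0.2.10/25 by access-group "OUTSIDE_ACCESS_IN"
Jan 11 2008 10:15:03: %PIX-6-302013: Built inbound TCP connection 1234 for outside:198.51.100.50/40000 (198.51.100.50/40000) to inside:192.0.2.10/80 (192.0.2.10/80)
"""

PATTERN = re.compile(
    r'^(?P<ts>\w{3} +\d+ \d{4} \d\d:\d\d:\d\d):? .*?106023: Deny (?P<proto>\S+) '
    r'src (?P<sif>[^:]+):(?P<src>[\d.]+)/(?P<sport>\d+) '
    r'dst (?P<dif>[^:]+):(?P<dst>[\d.]+)/(?P<dport>\d+)'
    r'.* by access-group "(?P<acl>[^"]+)"')

def summarize(log_text):
    """Group 106023 denies by (protocol, destination, port, ACL)."""
    groups = defaultdict(lambda: {"sources": Counter(), "times": []})
    for line in log_text.splitlines():
        m = PATTERN.search(line)
        if not m:
            continue  # other message IDs, or variants this sketch does not parse
        g = groups[(m["proto"], m["dst"], int(m["dport"]), m["acl"])]
        g["sources"][m["src"]] += 1
        g["times"].append(datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S"))
    report = {}
    for key, g in groups.items():
        count = len(g["times"])
        span = (max(g["times"]) - min(g["times"])).total_seconds()
        report[key] = {
            "count": count,
            "distinct_sources": len(g["sources"]),
            # Rate over the first-to-last timestamp; a single instant counts as 1 s.
            "per_second": count / span if span else float(count),
            "top_sources": g["sources"].most_common(3),
        }
    return report

if __name__ == "__main__":
    for key, stats in summarize(SAMPLE_LOG).items():
        print(key, stats)
```
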
