Abnormally High Number Of Connections and Xlates

Unanswered Question
Dec 9th, 2008

Hi All,

I have been noticing high number of connections and translates over the past few days and I go into the cli and do a show conn and there will be what seems to me an awful lot of connections from the same IP to google or other web sites. I am by no means a PIX expert but it seems a little weird to me.

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
John Blakley Tue, 12/09/2008 - 13:50

Have you checked the host that owns the address for viruses, malware, etc.?



jrpayne1970 Tue, 12/09/2008 - 14:58

Well I have that underway now but its just troubling how many different ip addresses have multiple connections. I did a little experiment and opened a browser and went to google. I did a search and left it up on the page of search returns. I then went to the pix cli and did a show conn local "my IP". It showed only three entries. There are people with 10 times that many. I have an Enterasys IDS in place as well and I dont see anything hitting a trojan signature or anything so I am just looking for advice of what else to look for. Security is not my specialty yet but I want to learn as much as I can about it and I know you guys are much more well versed in it than I.

jrpayne1970 Tue, 12/09/2008 - 15:03

I think I read this exact page today. I run ASDM as well so I always have it open monitoring connections and bandwidth. So I can see the number of connections all the time. Its just trying to figure out why there are so many. I wish there were a way I could display all connections per IP address but I havent been able to find any tool that will do that.


This Discussion