I have been noticing high number of connections and translates over the past few days and I go into the cli and do a show conn and there will be what seems to me an awful lot of connections from the same IP to google or other web sites. I am by no means a PIX expert but it seems a little weird to me.
Well I have that underway now but its just troubling how many different ip addresses have multiple connections. I did a little experiment and opened a browser and went to google. I did a search and left it up on the page of search returns. I then went to the pix cli and did a show conn local "my IP". It showed only three entries. There are people with 10 times that many. I have an Enterasys IDS in place as well and I dont see anything hitting a trojan signature or anything so I am just looking for advice of what else to look for. Security is not my specialty yet but I want to learn as much as I can about it and I know you guys are much more well versed in it than I.
Below is a URL that has some information on monitoring Pix Firewalls. I would make use of the commands listed in the URL and monitor the pix and make sure that you are not under any attack.
I think I read this exact page today. I run ASDM as well so I always have it open monitoring connections and bandwidth. So I can see the number of connections all the time. Its just trying to figure out why there are so many. I wish there were a way I could display all connections per IP address but I havent been able to find any tool that will do that.
Learn, share, save
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
