12-09-2008 12:14 PM - edited 03-11-2019 07:23 AM
Hi All,
I have been noticing high number of connections and translates over the past few days and I go into the cli and do a show conn and there will be what seems to me an awful lot of connections from the same IP to google or other web sites. I am by no means a PIX expert but it seems a little weird to me.
12-09-2008 01:50 PM
Have you checked the host that owns the address for viruses, malware, etc.?
HTH,
John
12-09-2008 02:58 PM
Well I have that underway now but its just troubling how many different ip addresses have multiple connections. I did a little experiment and opened a browser and went to google. I did a search and left it up on the page of search returns. I then went to the pix cli and did a show conn local "my IP". It showed only three entries. There are people with 10 times that many. I have an Enterasys IDS in place as well and I dont see anything hitting a trojan signature or anything so I am just looking for advice of what else to look for. Security is not my specialty yet but I want to learn as much as I can about it and I know you guys are much more well versed in it than I.
12-09-2008 02:16 PM
Hi,
Below is a URL that has some information on monitoring Pix Firewalls. I would make use of the commands listed in the URL and monitor the pix and make sure that you are not under any attack.
Regards,
Arul
*Pls rate if it helps*
12-09-2008 03:03 PM
I think I read this exact page today. I run ASDM as well so I always have it open monitoring connections and bandwidth. So I can see the number of connections all the time. Its just trying to figure out why there are so many. I wish there were a way I could display all connections per IP address but I havent been able to find any tool that will do that.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide