I have been noticing high number of connections and translates over the past few days and I go into the cli and do a show conn and there will be what seems to me an awful lot of connections from the same IP to google or other web sites. I am by no means a PIX expert but it seems a little weird to me.
Well I have that underway now but its just troubling how many different ip addresses have multiple connections. I did a little experiment and opened a browser and went to google. I did a search and left it up on the page of search returns. I then went to the pix cli and did a show conn local "my IP". It showed only three entries. There are people with 10 times that many. I have an Enterasys IDS in place as well and I dont see anything hitting a trojan signature or anything so I am just looking for advice of what else to look for. Security is not my specialty yet but I want to learn as much as I can about it and I know you guys are much more well versed in it than I.
Below is a URL that has some information on monitoring Pix Firewalls. I would make use of the commands listed in the URL and monitor the pix and make sure that you are not under any attack.
I think I read this exact page today. I run ASDM as well so I always have it open monitoring connections and bandwidth. So I can see the number of connections all the time. Its just trying to figure out why there are so many. I wish there were a way I could display all connections per IP address but I havent been able to find any tool that will do that.
Getting Started
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community:
