PIX515 : Ver 6.3.(4)- Prot scan restriction

Unanswered Question
Jan 20th, 2009

Hi All,

One of customers PIX logging "106023" messages every second. per cisco doc looks like port scan attack. As the source is varrying from various IPs, is there any way to restrict this..?

Thank you

MS

***************************************

Error Message %PIX|ASA-4-106023: Deny protocol src

[interface_name:source_address/source_port] dst

interface_name:dest_address/dest_port [type {string}, code {code}] by

access_group acl_ID

Explanation An IP packet was denied by the ACL. This message displays even if you do not have the log option enabled for an ACL.

Recommended Action : If messages persist from the same source address, messages might indicate a foot-printing or port-scanning attempt. Contact the remote host administrators.

***********************************

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.

Actions

This Discussion