PIX515 : Ver 6.3.(4)- Prot scan restriction

Unanswered Question
Jan 20th, 2009
User Badges:

Hi All,

One of customers PIX logging "106023" messages every second. per cisco doc looks like port scan attack. As the source is varrying from various IPs, is there any way to restrict this..?

Thank you



Error Message %PIX|ASA-4-106023: Deny protocol src

[interface_name:source_address/source_port] dst

interface_name:dest_address/dest_port [type {string}, code {code}] by

access_group acl_ID

Explanation An IP packet was denied by the ACL. This message displays even if you do not have the log option enabled for an ACL.

Recommended Action : If messages persist from the same source address, messages might indicate a foot-printing or port-scanning attempt. Contact the remote host administrators.


  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)


This Discussion