Shunning Problem

Unanswered Question

Hi netpro's

I have a pix 515 running os 8.2 and I have an ISA server on my inside LAN which redirects HTTP traffic to an ISA server in my DMZ, which then forwards out to the internet.

I came in this morning and the PIX was shunning all traffic from the inside ISA to the DMZ ISA which meant all HTTP traffic was dropped.

Does this mean I have intruder on my inside network carrying out some kind of scanning attack?

Any help or pointers would be appreciated?

Thanks

Rod

I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yudong Wu Fri, 08/07/2009 - 11:35

Check your PIX log to see if you can find anything.

It was most like shunned by threat-detection. So check the following commands as well.

show threat-detection scanning-threat

show threat-detection shun

show threat-detection statistics host

show threat-detection statistics port

show threat-detection statistics protocol

Actions

This Discussion