Shunning Problem

Unanswered Question

Hi netpro's


I have a pix 515 running os 8.2 and I have an ISA server on my inside LAN which redirects HTTP traffic to an ISA server in my DMZ, which then forwards out to the internet.


I came in this morning and the PIX was shunning all traffic from the inside ISA to the DMZ ISA which meant all HTTP traffic was dropped.


Does this mean I have intruder on my inside network carrying out some kind of scanning attack?


Any help or pointers would be appreciated?


Thanks


Rod

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Yudong Wu Fri, 08/07/2009 - 11:35
User Badges:
  • Gold, 750 points or more

Check your PIX log to see if you can find anything.

It was most like shunned by threat-detection. So check the following commands as well.


show threat-detection scanning-threat

show threat-detection shun

show threat-detection statistics host

show threat-detection statistics port

show threat-detection statistics protocol


Actions

This Discussion