×

Warning message

  • Cisco Support Forums is in Read Only mode while the site is being migrated.
  • Cisco Support Forums is in Read Only mode while the site is being migrated.

Invalid Field for Transport=6

Unanswered Question
Sep 19th, 2005
User Badges:

This morning, I recently received this entry on my syslog daemon from my PIX. Can anyone please shed light as to what this means? Thanks.


...%PIX-4-500004: Invalid transport field for protocol=6, from 69.226.93.202/0 to (My WAN IP)/445

  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
Loading.
Patrick Iseli Mon, 09/19/2005 - 06:40
User Badges:
  • Gold, 750 points or more

Looks like someone tryed to fingerprint (OS and open port detection) your PIX with a Port Scanner. Happend all the time !


See:http://www.sans.org/y2k/110300.htm

See section 4:


4) Nmap protocol scan on firewall IP address


A protocol type nmap scan -sO upon the firewall IP showed all protocols as being active (1-133) from the scanners point of view. The firewall dropped all of these packets. Partial logfile:


sincerely

Patrick

Patrick Iseli Mon, 09/19/2005 - 06:52
User Badges:
  • Gold, 750 points or more

Cisco log and error message:


500004


Error Message %PIX-4-500004: Invalid transport field for protocol=protocol, from

source_address/source_port to dest_address/dest_port


Explanation This message appears when there is an invalid transport number, in which the source or destination port number for a protocol is zero. The protocol field is 6 for TCP and 17 for UDP.


Recommended Action If these messages persist, contact the peer's administrator.


See:

http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html#wp1021158


http://www.cisco.com/en/US/partner/products/sw/secursw/ps2120/products_system_message_guides_list.html


sincerely

Patrick

Actions

This Discussion