Attached is the explanation given for the mentioned log.
Explanation: A client issued an FTP port command and supplied an address other than the address used in the connection. This error message is indicative of an attempt to avert the site's security policy. For example, an attacker might attempt to hijack an FTP session by changing the packet on the way, and putting different source information instead of the correct source information. The security appliance drops the packet, terminates the connection, and logs the event. The address in parenthesis is the address from the port command.
Is the address in parenthesis that of the client accessing the FTP service?
The packet I captured in front of FW looks like "PORT 192,168,1,9,19,137\r\n" and "Active IP address: 192.168.1.9 (192.168.1.9)".
Very interestingly, the same client accesses an identical FTP server (but one that has been put outside of the FW) with a correct PORT command, which has rewritten this private IP to a public IP (the source IP of the packets).
Any idea why this happened? I checked the packets sent from the server to the client before this PORT command. It seems to me all is identical. I don't see that the server has given the client any hint to use different styles of "PORT Command" to access me.
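The comparison the log explanation describes, written out as an added example (not part of the original post and not Cisco's implementation): decode the address and port carried in a PORT command and compare the address with the source IP of the control connection. The function names and the 203.0.113.10 source address are assumptions made for illustration; the PORT line is the one quoted in the post.

```python
import ipaddress
import re

# RFC 959: PORT h1,h2,h3,h4,p1,p2 (four address octets, then two port bytes).
PORT_RE = re.compile(
    rb"PORT (\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3}),(\d{1,3})\r?\n?",
    re.IGNORECASE,
)


def parse_port_command(line: bytes):
    """Return (IPv4Address, port) advertised by a PORT command, or None if malformed."""
    m = PORT_RE.fullmatch(line)
    if m is None:
        return None
    fields = [int(x) for x in m.groups()]
    if any(f > 255 for f in fields):
        return None
    ip = ipaddress.IPv4Address(".".join(str(f) for f in fields[:4]))
    port = fields[4] * 256 + fields[5]  # high byte first
    return ip, port


def check_port_command(line: bytes, conn_src_ip: str):
    """Classify a PORT command against the control connection's source IP.

    Returns ("ok" | "mismatch" | "malformed", (ip, port) or None).
    """
    parsed = parse_port_command(line)
    if parsed is None:
        return ("malformed", None)
    ip, port = parsed
    verdict = "ok" if ip == ipaddress.IPv4Address(conn_src_ip) else "mismatch"
    return (verdict, (str(ip), port))


if __name__ == "__main__":
    # PORT line from the capture in the post; the connection source IP is a
    # constructed documentation-range address standing in for a translated source.
    captured = b"PORT 192,168,1,9,19,137\r\n"
    print(check_port_command(captured, "203.0.113.10"))
    # Same client address on both the connection and the PORT command.
    print(check_port_command(captured, "192.168.1.9"))
```
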