We are logging syslog for a large number of PIX firewalls. We also have 5.x Sensors inspecting traffic flowing from the inside int of the PIX. For some reason sig 4600 fires constantly; attacker is PIX inside and victim is the syslog server. We are seeing this happen only on ASA/PIX 7.0. On PIX 6.3 it is not happening.
I know this is a false positive because MySDN says this is only IOS related.
Signature 4600 triggers on a very short packet. This could be a genuine benign trigger. Is there any chance you could send a sniffer capture of syslog traffic you know is causing this alert to fire? You can PGP encrypt the email to me (firstname.lastname@example.org); my key is available from public servers.
Log in to the FXOS chassis manager.
Direct your browser to https://hostname/, and log in using the username and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside interfaces with official IPv6 addresses, set a default route on the outside interface to our router, and we have also defined a rule, which also gets hits, to permit tcp from the inside interface to any6.
In Syslog I also se...