
excessive dropped packets

ohassairi
Level 5

Hello,

I activated syslog on my PIX.

I am receiving many syslog messages in this format:

deny tcp source outside:PBIP/80 dest inside:MyPBIP/rndport

where PBIP is a public IP and MyPBIP is the public IP of my external interface on the PIX.

They seem to be like data packets coming from web servers. They should pass and come to internal clients.

Some PBIP belong to Yahoo or Google, so they do not seem to be like an attack if we are sure they are not spoofed.

But why does the PIX drop these packets? Do they arrive late so it considers them out of connection?

Any comment? Thanks.


lgijssel
Level 9

Your guess that these packets are "too late" is in fact correct. This kind of traffic is only allowed in as long as a dynamic NAT translation exists. When the connection is idle for some time, the translation entry is removed by the PIX and further traffic is denied.

Likely these are updates from pages with dynamic content or so where the webserver has not received a disconnect message from the client.

Regards,

Leo
