Cisco Support Community

Is it a PIX attack?

Hi,

Taking a look at the system log in our PIX I noticed the following message:

%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.x

%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.y

%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.z

%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:x.x.x.x(type 8, code 0)

%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:y.y.y.x(type 8, code 0)

%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:y.y.y.z(type 8, code 0)

This is a short part of the log, but the destination addresses are contiguous.

Is this an attack?

Thank you.

Paolo

2 REPLIES

Re: Is it a PIX attack?

Hi Paolo,

Log Message: %PIX-7-106011: Deny inbound (no xlate) tcp

Explanation: This is a connection-related message. This message occurs when a packet is sent to the same interface that it arrived on. This usually indicates that a security breach is occurring. When the PIX Firewall receives a packet, it tries to establish a translation slot based on the security policy you set with the global and conduit commands, and your routing policy set with the route command. Failing both policies, PIX Firewall allows the packet to flow from the higher priority network to a lower priority network, if it is consistent with the security policy. If a packet comes from a lower priority network and the security policy does not allow it, PIX Firewall routes the packet back to the same interface.

To provide access from an interface with a higher security to a lower security, use the nat and global commands. For example, use the nat command to let inside users access outside servers, to let inside users access perimeter servers, and to let perimeter users access outside servers.

To provide access from an interface with a lower security to higher security, use the static and conduit commands. For example, use the static and conduit commands to let outside users access inside servers, outside users access perimeter servers, or perimeter servers access inside servers.

Recommended Action: Fix your configuration to reflect your security policy for handling these attack events.

HTH, Please rate if it does.

-amit singh

Re: Is it a PIX attack?

Hi,

Thank you for your post.

The strange thing is that the destination addresses are like this:

x.x.x.12

x.x.x.13

x.x.x.14

.....

I think that someone is trying to connect to these addresses with ping and telnet, quickly and at different addresses.

Could it be an attack?

What do you think about it?

Regards, Paolo
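
A way to check the pattern raised in this thread (one inside source denied toward consecutive destination addresses), as an added example that is not part of the original posts. The log lines and addresses are constructed, the optional /port suffix is an assumption about unredacted logs, and `sweep_candidates`, `longest_run` and `min_run` are hypothetical names.

```python
import re
from collections import defaultdict
from ipaddress import IPv4Address

# Matches the 106011 layout quoted in the thread. The "/port" suffix is an
# assumption for unredacted TCP lines; the thread's lines have none.
LINE_RE = re.compile(
    r"%PIX-\d-106011: Deny inbound \(no xlate\) (?P<proto>\w+) "
    r"src \w+:(?P<src>\d+\.\d+\.\d+\.\d+)(?:/\d+)? "
    r"dst \w+:(?P<dst>\d+\.\d+\.\d+\.\d+)(?:/\d+)?", re.IGNORECASE)

# Constructed sample lines (documentation addresses, not from the thread).
SAMPLE_LOG = [
    "%PIX-3-106011: Deny inbound (No xlate) tcp src inside:192.0.2.50/1044 dst inside:192.0.2.12/23",
    "%PIX-3-106011: Deny inbound (No xlate) tcp src inside:192.0.2.50/1045 dst inside:192.0.2.13/23",
    "%PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.0.2.50 dst inside:192.0.2.14(type 8, code 0)",
    "%PIX-3-106011: Deny inbound (No xlate) icmp src inside:192.0.2.77 dst inside:192.0.2.200(type 8, code 0)",
    "%PIX-3-106011: Deny inbound (No xlate) tcp src inside:192.0.2.77/2001 dst inside:192.0.2.90/80",
]

def longest_run(sorted_addrs):
    """Longest stretch of consecutive integer addresses in a sorted list."""
    best, cur = [], []
    for addr in sorted_addrs:
        cur = cur + [addr] if cur and addr == cur[-1] + 1 else [addr]
        if len(cur) > len(best):
            best = cur
    return best

def sweep_candidates(lines, min_run=3):
    """Report sources denied toward at least min_run consecutive addresses."""
    dsts, protos = defaultdict(set), defaultdict(set)
    for line in lines:
        m = LINE_RE.search(line)
        if m:
            dsts[m["src"]].add(int(IPv4Address(m["dst"])))
            protos[m["src"]].add(m["proto"].lower())
    findings = {}
    for src, addrs in dsts.items():
        run = longest_run(sorted(addrs))
        if len(run) >= min_run:
            findings[src] = {
                "first": str(IPv4Address(run[0])), "last": str(IPv4Address(run[-1])),
                "count": len(run), "protocols": sorted(protos[src]),
            }
    return findings

if __name__ == "__main__":
    print(sweep_candidates(SAMPLE_LOG))
```

A consecutive run is a triage signal for the source host, not proof of intent: a misconfigured machine or a monitoring tool polling a range produces the same log pattern.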
