Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

help,about the warning of PIX

I use the logging to a syslog server(logging trap 2),168.168.44.1 is the ip address of pix(in the subnet,there are 3 unix server & about 5-6 windows workstation):

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 218.6.155.0 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 61.252.137.5 on interface

outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 202.120.255.39 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 218.181.26.160 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 211.216.61.211 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 63.89.130.214 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 200.65.241.135 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 199.253.71.150 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 169.56.26.126 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 200.57.143.242 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 202.184.66.132 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 210.198.157.33 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 211.61.164.11 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 219.37.205.49 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 202.122.179.14 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 211.46.14.207 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 61.114.227.180 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 61.50.248.184 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 61.222.139.116 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 199.67.65.20 on interface outside

2003-08-25 11:28:33 local4.critical 168.168.44.1 %pix-2-106016: deny ip spoof from (0.0.0.0) to 210.103.157.235 on interface outside

  • Other Security Subjects
1 REPLY
Gold

Re: help,about the warning of PIX

Jeff,

Please read the following doc, This cisco doc is for PIX 5.3 using conduits but if you have access-lists then use ACL's to sort out your spoofing problem.

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v53/syslog/pixemsgs.htm#10506

Hope this helps - Jay

188
Views
0
Helpful
1
Replies
This widget could not be displayed.