Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Many %PIX-3-106011 events in external interface

Hello List.

I have many messages with this event.(%PIX-3- 106011)

If this event on attack or the problem is the timeout configuration in xlate ?

Other problem is the source port for incoming packets. Look this message :

Nov 27 09:06:27 XXX.XXX.XXX.XXX Nov 27 2001 03:52:04: %PIX-X-106011: Deny inbound (No xlate) tcp src outside:XXX.XXX.245.224/1762 dst outside:XXX.XXX.149.66/27374

On Pix rules I not permit access to this destination ports.

Thanks for you help.

JJ

1 REPLY
New Member

Re: Many %PIX-3-106011 events in external interface

Someone is trying to connect to the address xxx.xxx.149.66 using port 27374.

If you are getting a ton of these messages in a very short time frame, all with different ports... then you are being scanned.

If it just the same port over and over again... /shrug Not sure why someone would keep doing it repeadily.

115
Views
0
Helpful
1
Replies
CreatePlease to create content