Re: Pix 501 Logs - Where I can see attacks (from hackers)?
You need to enable 'ip audit', i.e. the IDS feature on the PIX, which scans for common signatures/attacks.
Cisco Intrusion Detection System (Cisco IDS) provides the following for IP-based systems:
Traffic auditing. Application-level signatures will only be audited as part of an active session.
Applies the audit to an interface.
Supports different audit policies. Traffic matching a signature triggers a range of configurable actions.
Disables the signature audit.
Enables IDS and still disables actions of a signature class (informational, attack).
Auditing is performed by looking at the IP packets as they arrive at an input interface. If a packet triggers a signature and the configured action does not drop the packet, then the same packet can trigger other signatures.
PIX Firewall supports both inbound and outbound auditing.
For a complete list of supported Cisco IDS signatures, their wording, and whether they are attack or informational messages, refer to Cisco PIX Firewall System Log Messages.
Supported IDS Signatures
PIX Firewall lists the following single-packet IDS signature messages: 1000-1006, 1100, 1102, 1103, 2000-2012, 2150, 2151, 2154, 3040-3042, 4050-4052, 6050-6053, 6100-6103, 6150-6155, 6175, 6180, and 6190.
IDS syslog messages all start with %PIX-4-4000nn and have the following format:
%PIX-4-400013 IDS:2003 ICMP redirect from 10.4.1.2 to 10.2.1.1 on interface dmz
%PIX-4-400032 IDS:4051 UDP Snork attack from 10.1.1.1 to 192.168.1.1 on interface outside
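To answer "where can I see attacks" once these messages reach a syslog server, the format quoted above can be parsed and tallied per signature and per source. This is an added example, not part of the original post or Cisco's documentation; the last two sample lines are constructed, and accepting an optional colon after the message ID is an assumption about how a syslog export may render it.

```python
import re
from collections import Counter

# Format from the post:
#   %PIX-4-4000nn IDS:<sig> <text> from <src> to <dst> on interface <name>
# Assumption: a ':' may follow the message ID in some syslog exports.
IDS_RE = re.compile(
    r"%PIX-4-(?P<msg_id>4000\d{2}):?\s+IDS:(?P<sig>\d+)\s+(?P<text>.+?)\s+"
    r"from\s+(?P<src>\S+)\s+to\s+(?P<dst>\S+)\s+on interface\s+(?P<ifc>\S+)"
)

def parse_ids_line(line):
    """Return the fields of one IDS message, or None for any other line."""
    m = IDS_RE.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["sig"] = int(rec["sig"])
    return rec

def summarize(lines):
    """Count IDS hits per (signature, text) and per (source, interface)."""
    by_sig, by_src = Counter(), Counter()
    for line in lines:
        rec = parse_ids_line(line)
        if rec is None:
            continue  # not an IDS message (connection logs, etc.)
        by_sig[(rec["sig"], rec["text"])] += 1
        by_src[(rec["src"], rec["ifc"])] += 1
    return by_sig, by_src

SAMPLE = [
    # The two lines quoted in the post
    "%PIX-4-400013 IDS:2003 ICMP redirect from 10.4.1.2 to 10.2.1.1 on interface dmz",
    "%PIX-4-400032 IDS:4051 UDP Snork attack from 10.1.1.1 to 192.168.1.1 on interface outside",
    # Constructed: same signature again, with a syslog prefix and a colon
    "Jan 01 00:00:01 fw %PIX-4-400032: IDS:4051 UDP Snork attack from 10.1.1.1 to 192.168.1.2 on interface outside",
    # Constructed: a non-IDS line that must be skipped
    "Jan 01 00:00:02 fw some other firewall message from a to b",
]

if __name__ == "__main__":
    by_sig, by_src = summarize(SAMPLE)
    for (sig, text), n in by_sig.most_common():
        print(f"{n:4d}  IDS:{sig} {text}")
    for (src, ifc), n in by_src.most_common():
        print(f"{n:4d}  {src} on {ifc}")
```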