%PIX-6-106015

brianwangrpm · ‎02-08-2006

Hi,

It is the description in the Cisco Web.

If the message is showned too many,Is it a signal of attack ? Or other possible reason ?

Thanks !

2006-02-08 08:04:26 Local4.Info 10.54.2.2 %PIX-6-106015: Deny TCP (no connection) from 172.27.1.253/1061 to x.x.242.138/80 flags RST on interface inside

2006-02-08 08:04:26 Local4.Info 10.54.2.2 %PIX-6-106015: Deny TCP (no connection) from 172.27.1.253/1061 to x.x7.242.138/80 flags RST on interface inside

2006-02-08 08:04:26 Local4.Info 10.54.2.2 %PIX-6-106015: Deny TCP (no connection) from 172.27.1.253/1061 to x.x.242.138/80 flags RST on interface inside

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_message_guide_chapter09186a008051a0cd.html#wp1020204

106015

Error Message %PIX-6-106015: Deny TCP (no connection) from IP_address/port to

IP_address/port flags tcp_flags on interface interface_name.

Explanation This message is logged when the firewall discards a TCP packet that has no associated connection in the firewall unit's connection table. The firewall looks for a SYN flag in the packet, which indicates a request to establish a new connection. If the SYN flag is not set, and there is not an existing connection, the firewall discards the packet.

Recommended Action None required unless the firewall receives a large volume of these invalid TCP packets. If this is the case, trace the packets to the source and determine the reason these packets were sent.

spremkumar · ‎02-08-2006

hi

Do find the link which mentions the same problem inline with yours...

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Firewalling&CommCmd=MB%3Fcmd%3Ddisplay_location%26location%3D.1dd9bb21

regds