Being fairly new to networking and especially managing a pix firewall i have a question concerning a syslog message. we are running a pix 506e ver 6.1 and i have seen this message on a daily basis:
%PIX-5-304001: 18.104.22.168 Accessed URL 22.214.171.124:/MSADC/root.exe?/c dir
it is my understanding that this could be a worm trying to hit an IIS web server. we dont' use IIS but should this concern me and can i block this from even coming through the pix. the only access from the outside is on port 80.
Table of ContentsIntroductionVersion HistoryPossible Future
UpdatesDocuments PurposeNAT Operation in ASA 8.3+ SectionsRule Types
Network Object NATTwice NAT / Manual NATRule Types used per SectionNAT
Types used with Twice NAT / Manual NAT and Network Obje...
Table of Contents Introduction:This document describes details on how
NAT-T works. Background: ESP encrypts all critical information,
encapsulating the entire inner TCP/UDP datagram within an ESP header.
ESP is an IP protocol in the same sense that TCP an...