syslog from ASDM

aksher
Level 1

3|Jul 27 2006 07:20:06|106011: Deny inbound (No xlate) tcp src Win:10.161.0.113/2671 dst Win:10.161.155.230/445

What could be the possible cause for getting a flood of the above log on ASDM? Would it be a false alarm?

4 Replies

sachinverma
Level 1

Hi aksher,

It looks like a false alarm to me. It looks as if client 10.161.0.113 has NetBIOS enabled and it is trying to connect repeatedly to server 10.161.0.113 on TCP port 445. Ideally, if the client is not able to connect to the server on port 445, then it tries to connect to the server on TCP port 139.

Kindly let me know if it helps.

cheers

Sachin

How can we disable this false alarm ?

My firewall sends thousands of these logs daily from clients.

Regards

Hi,

There are a couple of options:

1) Turn off the message completely with "no logging message 106011"

2) Lower the logging level with "logging message 106011 level 7" (for example - but depending on your current logging level this might not change much)

It really depends on your security policy as to what you log and what you don't.

HTH

Andrew.

Andre Weissflog
Level 1

Hello Aksher.

It seems that you don't have a statement like "nat" or "static", nor a route, for connections from network 10.161.0.0 to 10.161.155.0 (certainly one interface to another).

The firewall does not know how it should handle this connection.

My suggestion: block it.

Better: why does 10.161.0.113 want to make a connection to 10.161.155.230? Find the answer and resolve it.

If I block all messages with "no logging message ..." I will have a router, but not a firewall.
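
Before deciding whether to suppress message 106011 or to chase the hosts behind it, it helps to see which flows actually make up the flood. The following is an added example, not code from any post in this thread: it parses lines in the layout quoted in the original question and counts denied flows per source, destination and destination port. The function names and all sample lines except the first are constructed for illustration.

```python
import re
from collections import Counter

# Layout follows the line quoted in the original post:
# severity|timestamp|106011: Deny inbound (No xlate) proto src if:ip/port dst if:ip/port
LINE_RE = re.compile(
    r"^(?P<sev>\d)\|(?P<ts>[^|]+)\|106011: Deny inbound \(No xlate\) (?P<proto>\S+) "
    r"src (?P<src_if>[^:\s]+):(?P<src_ip>[\d.]+)/(?P<src_port>\d+) "
    r"dst (?P<dst_if>[^:\s]+):(?P<dst_ip>[\d.]+)/(?P<dst_port>\d+)$"
)

def parse_106011(line):
    """Return a dict of fields for a 106011 line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    rec["src_port"], rec["dst_port"] = int(rec["src_port"]), int(rec["dst_port"])
    return rec

def summarize(lines):
    """Count denied flows per (src_ip, dst_ip, proto, dst_port); source ports are
    ephemeral, so they are left out of the key. Also returns the flows whose
    source and destination interface are the same, and the unparsed line count."""
    flows, same_if, skipped = Counter(), set(), 0
    for line in lines:
        rec = parse_106011(line)
        if rec is None:
            skipped += 1
            continue
        key = (rec["src_ip"], rec["dst_ip"], rec["proto"], rec["dst_port"])
        flows[key] += 1
        if rec["src_if"] == rec["dst_if"]:
            same_if.add(key)
    return flows, same_if, skipped

# First line is the one from the post; the rest are constructed for the example.
SAMPLE = """\
3|Jul 27 2006 07:20:06|106011: Deny inbound (No xlate) tcp src Win:10.161.0.113/2671 dst Win:10.161.155.230/445
3|Jul 27 2006 07:20:09|106011: Deny inbound (No xlate) tcp src Win:10.161.0.113/2671 dst Win:10.161.155.230/445
3|Jul 27 2006 07:20:15|106011: Deny inbound (No xlate) tcp src Win:10.161.0.113/2674 dst Win:10.161.155.230/139
3|Jul 27 2006 07:21:02|106011: Deny inbound (No xlate) tcp src Win:10.161.0.57/1190 dst Win:10.161.155.230/445
6|Jul 27 2006 07:21:03|some other message that is not 106011
""".splitlines()

if __name__ == "__main__":
    flows, same_if, skipped = summarize(SAMPLE)
    for key, n in flows.most_common():
        tag = " same-interface" if key in same_if else ""
        print(f"{n:5d}  {key[0]} -> {key[1]} {key[2]}/{key[3]}{tag}")
    print(f"skipped {skipped} non-106011 line(s)")
```

A handful of source addresses accounting for most of the count points at specific clients to investigate; a long, flat list points at a routing or translation gap affecting the whole network.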