07-26-2006 10:38 PM - edited 03-09-2019 03:43 PM
3|Jul 27 2006 07:20:06|106011: Deny inbound (No xlate) tcp src Win:10.161.0.113/2671 dst Win:10.161.155.230/445
What could the possible cause for getting a flood of the above log on ASDM.Would it be a false alarm..
07-26-2006 11:36 PM
Hi aksher,
It looks like false alarm to me.It looks as if client 10.161.0.113 has netbios enabled and it is trying to connect repeatedly to server 10.161.0.113 on tcp port 445.Ideally if client is not able to connect to server on port 445 then it tries to connect the server at tcp port 139.
Kindly let me know if it helps.
cheers
Sachin
07-27-2006 12:22 AM
How can we disable this false alarm ?
My firewall send thousands of this log daily from clients.
Regards
07-27-2006 02:36 AM
Hi,
There a couple of options:
1) Turn off the message completely with "no logging message 106011"
2) Lower the logging level with "logging message 106011 level 7" (for example - but depending on your current logging level this might not change much)
It really depends on your security policy as to what you log and what you don't.
HTH
Andrew.
07-27-2006 01:33 PM
Hallo Aksher.
It seems that you doesn't have a statement like "nat" or "static" nor route for connections from network 10.161.0.0 to 10.161.155.0. (certain one interface to a other)
The firewall does not know how it should handle this connection.
My suggestion: block it.
Better: Why want 10.161.0.113 make a connection to 10.161.155.230? Find the answer and resolve it.
If i block all messages with "no logging message ..." i will have a router, but not a firewall.
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide