Cisco Support
English
Feedback Help
Cisco Support Community
Register
cancel
turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
randallrathbun
randallrathbun
Community Member
‎02-23-2010 10:46 AM
‎02-23-2010 10:46 AM

Critical Messages - shall I ignore them?

Now that I have the ASA5505 up and running, the log buffer is filling up with critical level 2 messages, such as below:

2|Feb 23 2010|09:43:14|106001|207.46.236.175|173.8.218.60|Inbound TCP connection denied from 207.46.236.175/80 to 173.8.218.60/1719 flags PSH ACK  on interface outside
2|Feb 23 2010|09:30:34|106001|208.80.152.3|173.8.218.60|Inbound TCP connection denied from 208.80.152.3/80 to 173.8.218.60/1571 flags SYN ACK  on interface outside
2|Feb 23 2010|09:29:51|106001|65.54.95.161|173.8.218.60|Inbound TCP connection denied from 65.54.95.161/80 to 173.8.218.60/1586 flags PSH ACK  on interface outside
2|Feb 23 2010|09:29:51|106001|65.54.95.161|173.8.218.60|Inbound TCP connection denied from 65.54.95.161/80 to 173.8.218.60/1586 flags ACK  on interface outside
2|Feb 23 2010|09:29:50|106001|38.113.115.195|173.8.218.60|Inbound TCP connection denied from 38.113.115.195/80 to 173.8.218.60/1597 flags ACK  on interface outside
2|Feb 23 2010|09:29:50|106001|38.113.115.195|173.8.218.60|Inbound TCP connection denied from 38.113.115.195/80 to 173.8.218.60/1596 flags ACK  on interface outside
2|Feb 23 2010|09:29:50|106001|38.113.115.195|173.8.218.60|Inbound TCP connection denied from 38.113.115.195/80 to 173.8.218.60/1595 flags ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1579 flags PSH ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1579 flags ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1578 flags PSH ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1578 flags ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1577 flags PSH ACK  on interface outside
2|Feb 23 2010|09:29:49|106001|196.30.168.79|173.8.218.60|Inbound TCP connection denied from 196.30.168.79/80 to 173.8.218.60/1577 flags ACK  on interface outside

I did find out that 196.30.168.79 is from South Africa (if we believe that the IP inside the packet is unaltered and correct)

Shall I ignore these types of messages, or are they suggesting that I need more security policies in the "outside" interface VLAN 1?

I don't know whether to wring my hands or pat the ASA5505 on the back.

Any security gurus with some suggestions?

Randall

Labels:
0 Helpful
Reply
1 REPLY
Federico Coto Fajardo
Federico Coto Fajardo Green
Green
‎02-25-2010 08:29 AM
‎02-25-2010 08:29 AM

Re: Critical Messages - shall I ignore them?

Hi,

All seems to be connections inbound connections coming from port 80. This could be web servers responses to requests from the inside.

Do you see doing a ''sh loc internal_IP''  to see if the connections are valid web connections initiated from the inside the ASA?

Federico.

0 Helpful
Reply
Latest Documents
Snort IPS on ISR, ISRv and CSR - Step-By-Step Configuration
Created by Kureli Sankar on 04-19-2018 11:25 AM
0
0
0
0
BenefitsDocumentationPrerequisiteImage Download LinksLimitationsSupported PlatformsLicense RequirementsTopologyStep-By-Step ConfigurationConfigure Virtual ServiceActivate the virtual service and configure guest IPsConfiguring UTD (Service Plane)Configurin... view more
Upgrade Chassis Manager (FXOS)
Created by Jeet Kumar on 02-23-2018 02:51 AM
2
15
2
15
    Login to the FXOS chassis manager. Direct your browser to https://hostname/, and log-in using the user-name and password.     Go to Help > About and check the current version:    Check the current version availa... view more
ASA 5506-X with ipv6 no access to internet
Created by Klaxel on 02-08-2018 01:25 AM
3
5
3
5
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6. In Syslog I also se... view more
All Documents
540
Views
0
Helpful
1
Replies
CreatePlease to create content
Discussion
Blog
Document
Video
Popular Blogs
AnyConnect Certificate Based Authentication.
Created by Marvin Ruiz on 08-27-2012 05:20 PM
36
75
36
75
BLOG (No Title)
Created by athukral on 06-14-2011 04:23 AM
15
35
15
35
Wireless Hacking
Created by Anim Saxena on 01-24-2013 07:56 AM
2
25
2
25
All Blogs