https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056560#M147294 <P>Hello,</P> <P></P> <P>There are high around of ASA syslog related to ASA-4-313005 which also related to ICMP type3, code 3</P> <P>------</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src INSIDE:111.222.333.444 dst INSIDE:555.666.777.888 (type 3, code 3) on inside interface.&nbsp; Original IP payload: udp src 111.222.333.444/6343 dst 555.666.777.888/6343.</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:111.222.333.555 dst INSIDE:777.888.333.444 (type 3, code 3) on outside interface.&nbsp; Original IP payload: udp src 111.222.333.555/59851 dst 777.888.333.444/53.</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:555.666.777.888 dst INSIDE:123.123.123.123 (type 3, code 3) on outside interface.&nbsp; Original IP payload: udp src 123.123.123.123/59764 dst 555.666.777.888/53.</P> <P>-----</P> <P>Is it related to Black Nurse attack?</P> <P></P> <P>Thanks!</P> <P></P> Tue, 12 Mar 2019 08:50:13 GMT Machi Ma 2019-03-12T08:50:13Z https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056560#M147294 <P>Hello,</P> <P></P> <P>There are high around of ASA syslog related to ASA-4-313005 which also related to ICMP type3, code 3</P> <P>------</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src INSIDE:111.222.333.444 dst INSIDE:555.666.777.888 (type 3, code 3) on inside interface.&nbsp; Original IP payload: udp src 111.222.333.444/6343 dst 555.666.777.888/6343.</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:111.222.333.555 dst INSIDE:777.888.333.444 (type 3, code 3) on outside interface.&nbsp; Original IP payload: udp src 111.222.333.555/59851 dst 777.888.333.444/53.</P> <P>Jan 26 10:36:04 192.168.10.2 %ASA-4-313005: No matching connection for ICMP error message: icmp src outside:555.666.777.888 dst INSIDE:123.123.123.123 (type 3, code 3) on outside interface.&nbsp; Original IP payload: udp src 123.123.123.123/59764 dst 555.666.777.888/53.</P> <P>-----</P> <P>Is it related to Black Nurse attack?</P> <P></P> <P>Thanks!</P> <P></P> Tue, 12 Mar 2019 08:50:13 GMT https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056560#M147294 Machi Ma 2019-03-12T08:50:13Z https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056561#M147297 <P>This looks like a genuine response for original packets sent across the ASA. &nbsp;For example:</P> <PRE class="prettyprint"><SPAN>Original IP payload: udp src 111.222.333.555/59851 dst 777.888.333.444/53.</SPAN></PRE> <P>The black nurse attack is usually originated from the outside to inside with a large stream.</P> <P>Another indicator that this may not be an attack is the fact that the first message was between Inside to Inside interface. It's highly unlikely that an attack would occur from within the network (possible though). It would be good to investigate the inside host sending the packet in the place to see if this is a genuine packet.</P> Thu, 26 Jan 2017 05:28:31 GMT https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056561#M147297 Rahul Govindan 2017-01-26T05:28:31Z https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056562#M147299 <P>Hi,</P> <P></P> <P><SPAN>BlackNurse is based on ICMP with Type 3 Code 3 packets. So the above error which you posted is</SPAN>&nbsp;related to Black Nurse Attack.It's known also to cisco as&nbsp;<SPAN>DoS vulnerability with ICMP default implementation. Chick link below, hope it will help.</SPAN></P> <P>https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvc07227/?referring_site=s</P> <P></P> <P>Regards</P> Thu, 26 Jan 2017 07:19:05 GMT https://community.cisco.com/t5/network-security/syslog-asa-4-313005-and-black-nurse/m-p/3056562#M147299 saif musa 2017-01-26T07:19:05Z