https://community.cisco.com/t5/network-security/pix-syslogs-errors/m-p/828305#M495037 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as your device is blocking these port scanning/reconnaisance attempts, it means its working as it should.</P><P></P><P>The first log message is how the device responds or protects for spoofing attempts using Unicast RPF (Reverse Path Forwarding)</P><P></P><P>This will appear if you ahve the command "ip verify reverse-path" enabled</P><P></P><P>Other logs are attempts to connect to the Public IP you have 82.178.21.28 on port 1076. This can be ignored as long as it blocks.</P><P></P><P>If you do not want an entry added for this message you can give "no logging 106023".</P></BODY></HTML> Tue, 30 Oct 2007 12:49:31 GMT jaravinthan 2007-10-30T12:49:31Z https://community.cisco.com/t5/network-security/pix-syslogs-errors/m-p/828304#M495032 <P>I have PIX 515E with 2 interface, inside, outside, I have PAT from inside - outside and NAT from outside to inside.</P><P>I have installed CISCO ASDM, when I am monitoring the status syslog and droped packet rates I found that, ACL drop packet rate is very high, and I have too much syslogs messages for the following errors.</P><P>1 Oct 30 2007 11:57:32 106021 10.3.10.4 17.254.0.31 Deny UDP reverse path check from 10.3.10.4 to 17.254.0.31 on interface inside</P><P> </P><P> </P><P>4 Oct 30 2007 11:35:56 106023 218.174.106.1 82.178.21.28 Deny udp src outside:218.174.106.1/27753 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]</P><P> </P><P>4 Oct 30 2007 11:35:55 106023 60.237.167.133 82.178.21.28 Deny udp src outside:60.237.167.133/7348 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]</P><P>4 Oct 30 2007 11:35:55 106023 222.77.116.18 82.178.21.28 Deny udp src outside:222.77.116.18/49154 dst inside:82.178.21.28/1076 by access-group "outside_access_in" [0x0, 0x0]</P><P></P><P>How to solve it ??</P><P> </P><P></P> Fri, 21 Feb 2020 09:44:58 GMT https://community.cisco.com/t5/network-security/pix-syslogs-errors/m-p/828304#M495032 reagentom 2020-02-21T09:44:58Z https://community.cisco.com/t5/network-security/pix-syslogs-errors/m-p/828305#M495037 <HTML><HEAD></HEAD><BODY><P>Hi,</P><P></P><P>As long as your device is blocking these port scanning/reconnaisance attempts, it means its working as it should.</P><P></P><P>The first log message is how the device responds or protects for spoofing attempts using Unicast RPF (Reverse Path Forwarding)</P><P></P><P>This will appear if you ahve the command "ip verify reverse-path" enabled</P><P></P><P>Other logs are attempts to connect to the Public IP you have 82.178.21.28 on port 1076. This can be ignored as long as it blocks.</P><P></P><P>If you do not want an entry added for this message you can give "no logging 106023".</P></BODY></HTML> Tue, 30 Oct 2007 12:49:31 GMT https://community.cisco.com/t5/network-security/pix-syslogs-errors/m-p/828305#M495037 jaravinthan 2007-10-30T12:49:31Z