06-18-2015 08:16 AM - edited 03-11-2019 11:09 PM
Please can someone interpret these log messages below for me? The IP address 10.5.4.8 was performing an unauthorized port scan in my network from within.
Jun 18 2015 10:51:03 single_vf : %ASA-6-302013: Built outbound TCP connection 746450139 for outside:23.52.91.27/80 (23.52.91.27/80) to inside:10.5.4.8/17179 (139.55.126.155/17179)
Jun 18 2015 10:51:04 single_vf : %ASA-6-305012: Teardown dynamic TCP translation from inside:10.5.4.8/16776 to outside:139.55.126.155/16776 duration 0:04:07
Jun 18 2015 10:51:04 single_vf : %ASA-6-302014: Teardown TCP connection 746442992 for outside:98.139.199.205/443 to inside:10.5.4.8/17019 duration 0:02:00 bytes 2067 TCP FINs
Jun 18 2015 10:51:05 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17182 to outside:139.55.126.155/17182
Jun 18 2015 10:51:05 single_vf : %ASA-6-302013: Built outbound TCP connection 746450241 for outside:98.139.199.204/443 (98.139.199.204/443) to inside:10.5.4.8/17182 (139.55.126.155/17182)
Jun 18 2015 10:51:05 single_vf : %ASA-6-302014: Teardown TCP connection 746443065 for outside:98.139.199.205/443 to inside:10.5.4.8/17024 duration 0:01:59 bytes 9383 TCP FINs
Jun 18 2015 10:51:05 single_vf : %ASA-6-302014: Teardown TCP connection 746443051 for outside:98.139.199.204/443 to inside:10.5.4.8/17022 duration 0:01:59 bytes 9431 TCP FINs
Jun 18 2015 10:51:05 single_vf : %ASA-6-302014: Teardown TCP connection 746443043 for outside:208.86.238.30/443 to inside:10.5.4.8/17021 duration 0:02:00 bytes 5922 TCP FINs
Jun 18 2015 10:51:05 single_vf : %ASA-6-106015: Deny TCP (no connection) from 10.5.4.8/17021 to 208.86.238.30/443 flags RST on interface inside
Jun 18 2015 10:51:12 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17219 to outside:139.55.126.155/17219
Jun 18 2015 10:51:12 single_vf : %ASA-6-302013: Built outbound TCP connection 746450594 for outside:23.52.91.27/80 (23.52.91.27/80) to inside:10.5.4.8/17219 (139.55.126.155/17219)
Jun 18 2015 10:51:12 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17221 to outside:139.55.126.155/17221
Jun 18 2015 10:51:12 single_vf : %ASA-6-302013: Built outbound TCP connection 746450623 for outside:72.167.239.239/80 (72.167.239.239/80) to inside:10.5.4.8/17221 (139.55.126.155/17221)
Jun 18 2015 10:51:12 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17222 to outside:139.55.126.155/17222
Jun 18 2015 10:51:12 single_vf : %ASA-6-302013: Built outbound TCP connection 746450624 for outside:72.167.239.239/80 (72.167.239.239/80) to inside:10.5.4.8/17222 (139.55.126.155/17222)
Jun 18 2015 10:51:12 single_vf : %ASA-6-302014: Teardown TCP connection 746450623 for outside:72.167.239.239/80 to inside:10.5.4.8/17221 duration 0:00:00 bytes 2402 TCP FINs
Jun 18 2015 10:51:12 single_vf : %ASA-6-302014: Teardown TCP connection 746450624 for outside:72.167.239.239/80 to inside:10.5.4.8/17222 duration 0:00:00 bytes 2402 TCP FINs
Jun 18 2015 10:51:16 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17226 to outside:139.55.126.155/17226
Jun 18 2015 10:51:16 single_vf : %ASA-6-302013: Built outbound TCP connection 746450778 for outside:23.21.243.54/443 (23.21.243.54/443) to inside:10.5.4.8/17226 (139.55.126.155/17226)
Jun 18 2015 10:51:16 single_vf : %ASA-6-302014: Teardown TCP connection 746450013 for outside:23.21.243.54/443 to inside:10.5.4.8/17163 duration 0:00:15 bytes 5729 TCP FINs
Jun 18 2015 10:51:16 single_vf : %ASA-6-106015: Deny TCP (no connection) from 10.5.4.8/17163 to 23.21.243.54/443 flags RST on interface inside
Jun 18 2015 10:51:16 single_vf : %ASA-6-302014: Teardown TCP connection 746450012 for outside:23.21.243.54/443 to inside:10.5.4.8/17164 duration 0:00:15 bytes 5729 TCP FINs
Jun 18 2015 10:51:16 single_vf : %ASA-6-106015: Deny TCP (no connection) from 10.5.4.8/17164 to 23.21.243.54/443 flags RST on interface inside
Jun 18 2015 10:51:16 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17228 to outside:139.55.126.155/17228
Jun 18 2015 10:51:16 single_vf : %ASA-6-302013: Built outbound TCP connection 746450785 for outside:68.67.152.6/443 (68.67.152.6/443) to inside:10.5.4.8/17228 (139.55.126.155/17228)
Jun 18 2015 10:51:16 single_vf : %ASA-6-305011: Built dynamic TCP translation from inside:10.5.4.8/17227 to outside:139.55.126.155/17227
Jun 18 2015 10:51:16 single_vf : %ASA-6-302013: Built outbound TCP connection 746450786 for outside:68.67.152.6/443 (68.67.152.6/443) to inside:10.5.4.8/17227 (139.55.126.155/17227)
06-19-2015 04:33 AM
Hi,
These are some common connection Built and Teardown messages.
What information would you like to collect from these syslogs?
I think you can find out the IP addresses and port numbers, and if you want to stop them, apply an ACL on the ASA device interface to block them.
Thanks and Regards,
Vibhor Amrodia
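One way to check logs like these for scan-like fan-out, as an added example that is not part of the original thread: it tallies, per inside host, the destinations and ports in the 302013 (connection built) lines and the flags on 106015 denies. The function names and fan-out thresholds are assumptions; the sample lines are a subset of those quoted in the question.

```python
import re
from collections import defaultdict

# A subset of the syslog lines quoted in the question above.
SAMPLE = """\
Jun 18 2015 10:51:03 single_vf : %ASA-6-302013: Built outbound TCP connection 746450139 for outside:23.52.91.27/80 (23.52.91.27/80) to inside:10.5.4.8/17179 (139.55.126.155/17179)
Jun 18 2015 10:51:05 single_vf : %ASA-6-302013: Built outbound TCP connection 746450241 for outside:98.139.199.204/443 (98.139.199.204/443) to inside:10.5.4.8/17182 (139.55.126.155/17182)
Jun 18 2015 10:51:05 single_vf : %ASA-6-106015: Deny TCP (no connection) from 10.5.4.8/17021 to 208.86.238.30/443 flags RST on interface inside
Jun 18 2015 10:51:12 single_vf : %ASA-6-302013: Built outbound TCP connection 746450623 for outside:72.167.239.239/80 (72.167.239.239/80) to inside:10.5.4.8/17221 (139.55.126.155/17221)
Jun 18 2015 10:51:12 single_vf : %ASA-6-302013: Built outbound TCP connection 746450624 for outside:72.167.239.239/80 (72.167.239.239/80) to inside:10.5.4.8/17222 (139.55.126.155/17222)
Jun 18 2015 10:51:16 single_vf : %ASA-6-302013: Built outbound TCP connection 746450778 for outside:23.21.243.54/443 (23.21.243.54/443) to inside:10.5.4.8/17226 (139.55.126.155/17226)
Jun 18 2015 10:51:16 single_vf : %ASA-6-106015: Deny TCP (no connection) from 10.5.4.8/17163 to 23.21.243.54/443 flags RST on interface inside
"""

# 302013 = TCP connection built; 106015 = TCP packet with no matching connection.
BUILT = re.compile(
    r"%ASA-6-302013: Built outbound TCP connection \d+ for "
    r"[^:\s]+:(?P<dst>[\d.]+)/(?P<dport>\d+) \(.*?\) to [^:\s]+:(?P<src>[\d.]+)/\d+")
DENY = re.compile(
    r"%ASA-6-106015: Deny TCP \(no connection\) from (?P<src>[\d.]+)/\d+ "
    r"to [\d.]+/\d+ flags (?P<flags>.+?) on interface")

def summarize(text):
    """Per source host: built count, destination ports per destination, deny flags."""
    out = {}
    for line in text.splitlines():
        built, deny = BUILT.search(line), DENY.search(line)
        m = built or deny
        if not m:
            continue
        h = out.setdefault(m["src"], {"built": 0, "ports_by_dst": defaultdict(set),
                                      "deny_flags": defaultdict(int)})
        if built:
            h["built"] += 1
            h["ports_by_dst"][m["dst"]].add(int(m["dport"]))
        else:
            h["deny_flags"][m["flags"]] += 1
    return out

def looks_like_scan(host, port_fanout=20, host_fanout=50):
    """Heuristic (thresholds are assumptions): many ports on one destination
    (vertical) or many destinations on one port (horizontal)."""
    dsts_by_port = defaultdict(set)
    for dst, ports in host["ports_by_dst"].items():
        for p in ports:
            dsts_by_port[p].add(dst)
    vertical = any(len(p) >= port_fanout for p in host["ports_by_dst"].values())
    return vertical or any(len(d) >= host_fanout for d in dsts_by_port.values())

if __name__ == "__main__":
    for src, h in summarize(SAMPLE).items():
        ports = sorted({p for s in h["ports_by_dst"].values() for p in s})
        print(src, "built:", h["built"], "destinations:", len(h["ports_by_dst"]),
              "ports:", ports, "denies:", dict(h["deny_flags"]), "scan:", looks_like_scan(h))
```

On the sample lines, every built connection from 10.5.4.8 goes to port 80 or 443, and both 106015 denies carry the RST flag.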
06-19-2015 08:18 AM
Thanks for the response.
Kingsley