09-21-2012 07:08 AM - edited 02-21-2020 04:44 AM
Just installed an ASA 5505 Cisco router two weeks ago and everything is running great.
Setup logging to email me for events that occur. That also is working fine.
My question is this. I get this message several times a day, some more than others, about 15 to 30 messages a day with this message:
ASA-3-710003: TCP access denied by acl from x.x.x.x/####### to outside 75.82.123.50/22 or /23
I wish not to turn off logging or filter out this message.
I would like to know what this message means. Is someone trying to hack into my router?
Did a tracert on some of the IP addresses given in the message and they trace to somewhere abroad.
Any ideas or suggestions?
Thanks
Tom
10-09-2012 02:42 AM
Hi
Usually it is botnet computers which are trying Telnet and SSH access to everywhere,
just looking for nonsecure devices on the internet.
It is so-called internet white noise.
Someone can also be trying to hack your router.
10-09-2012 08:51 AM
Yes it sure looks like someone is glad this router sends alerts via email
Tom
10-10-2012 06:52 AM
All the message is indicating is that the source IP is trying to access the destination IP on TCP ports 22 (SSH) and 23 (Telnet), and the ASA is denying it due to the ACL configured on your outside interface.
This syslog is in response to receiving a packet, so there is nothing you can do to prevent your device from receiving the packet. But, the ASA is appropriately denying it and notifying you.
As for who is initiating the packet, you only know the source IP, and that is about it. You can see who owns the netblock, but I doubt you will get far. Many malicious (and non-malicious) people scan internet addresses to see what ports are open. Some to hack in, others to get statistics/reports.
Hope it helps,
David.
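To keep the alerts but still see which sources account for them, the 710003 lines can be parsed and tallied per source and service. The following is an added example, not part of the thread or of any Cisco tooling; the sample lines are constructed with documentation addresses, and the function names and the threshold of 3 are assumptions.

```python
import re
from collections import Counter, defaultdict

# Body of syslog 710003. Accepts "outside:IP/port" as well as the
# "outside IP/port" spelling quoted in the thread; the service field may
# be a port number or a name.
PATTERN = re.compile(
    r"ASA-3-710003: (?P<proto>TCP|UDP) access denied by ACL from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) to "
    r"(?P<ifc>[\w-]+)[: ](?P<dst>\d{1,3}(?:\.\d{1,3}){3})/(?P<service>\w+)",
    re.IGNORECASE,
)
SERVICE_NAMES = {"22": "ssh", "23": "telnet"}

def parse_710003(line):
    """Return the fields of one 710003 message, or None for any other line."""
    m = PATTERN.search(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["service"] = SERVICE_NAMES.get(rec["service"], rec["service"].lower())
    return rec

def summarize(lines):
    """Count denied attempts per service and per source address."""
    per_service, per_source = Counter(), defaultdict(Counter)
    for rec in filter(None, map(parse_710003, lines)):
        per_service[rec["service"]] += 1
        per_source[rec["src"]][rec["service"]] += 1
    return per_service, per_source

def repeat_sources(per_source, threshold=3):
    """Sources with at least `threshold` denials (threshold is an assumed cut-off)."""
    return sorted(s for s, c in per_source.items() if sum(c.values()) >= threshold)

# Constructed sample lines (documentation address ranges, not real hosts).
SAMPLE = [
    "%ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51234 to outside:203.0.113.10/22",
    "%ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51240 to outside:203.0.113.10/22",
    "%ASA-3-710003: TCP access denied by ACL from 198.51.100.7/51251 to outside:203.0.113.10/23",
    "ASA-3-710003: TCP access denied by acl from 192.0.2.44/40022 to outside 203.0.113.10/23",
    "%ASA-6-302013: unrelated message, ignored by the parser",
]

if __name__ == "__main__":
    services, sources = summarize(SAMPLE)
    print(dict(services))
    print(repeat_sources(sources))
```

A source that keeps reappearing across days stands out in the per-source counts, while one-off probes stay in the background tally.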