FMANFP-6-IPACCESSLOGP

PlutoV
Level 1

FMANFP-6-IPACCESSLOGP log message displays IP addresses in reverse order. The Cisco bug ID CSCvn40315 identifies this bug.

The explanation references an outgoing network package that may have been affected by this bug, indicating that an IP address on the network may have sent out data during the error. A potential security issue? Is it possible that malicious activity could perform some sort of DNS reconnaissance while masking its IP address and reporting back to an unknown source? Or is the "1 packet" simply a part of the error message? 

While the FMANFP-6-IPACCESSLOGP message bug does not directly enable or facilitate DNS attacks, it can cause confusion or make it more confusing to troubleshoot network issues affected by this bug.

BUG INFO below: 

Symptom: ACE in ACL such as:

#sh ip access-lists DIALER_IN
Extended IP access list DIALER_IN
    5 permit tcp any any eq 2022 2443 log (31 matches)

When messages are logged, see for example:

*Nov 23 12:18:01.284: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list DIALER_IN permitted tcp aaa.bbb.ccc.ddd(61610) -> www.xxx.yyy.zzz(2443), 1 packet

Source address was actually ddd.ccc.bbb.aaa, and destination address was actually zzz.yyy.xxx.www.

Conditions: Any.

Workaround: None.
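The bug record above says each address in the message is written octet-reversed while the source and destination positions themselves stay in place, so a SIEM or syslog pipeline that ingests these lines from an affected device will index the wrong hosts. The following Python is an added example, not code from Cisco or from the poster, showing how an operator could normalize such lines before indexing. It assumes IPv4 dotted-quad addresses, the message layout shown in the bug record, and that the operator already knows which devices run affected software (the `octets_reversed` flag is set per source device; the page does not list fixed releases, so that mapping is left to the reader). The sample log line is constructed with RFC 5737 documentation addresses.

```python
import re
from typing import Optional

# Body of the IPACCESSLOGP message as shown in the bug record:
#   list <ACL> <permitted|denied> <proto> <src>(<sport>) -> <dst>(<dport>), <n> packet(s)
LOG_RE = re.compile(
    r"%FMANFP-6-IPACCESSLOGP: .*?list (?P<acl>\S+) (?P<action>permitted|denied) "
    r"(?P<proto>\S+) (?P<src>\d{1,3}(?:\.\d{1,3}){3})\((?P<sport>\d+)\) -> "
    r"(?P<dst>\d{1,3}(?:\.\d{1,3}){3})\((?P<dport>\d+)\), (?P<count>\d+) packets?"
)

# Constructed sample line (documentation addresses, not real traffic).
SAMPLE_LINE = (
    "*Nov 23 12:18:01.284: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: "
    "list DIALER_IN permitted tcp 192.0.2.10(61610) -> 198.51.100.7(2443), 1 packet"
)


def reverse_octets(addr: str) -> str:
    """Undo the per-address octet reversal: 'aaa.bbb.ccc.ddd' -> 'ddd.ccc.bbb.aaa'."""
    octets = addr.split(".")
    if len(octets) != 4 or not all(o.isdigit() and 0 <= int(o) <= 255 for o in octets):
        raise ValueError(f"not a dotted-quad IPv4 address: {addr!r}")
    return ".".join(reversed(octets))


def parse_ipaccesslogp(line: str, octets_reversed: bool) -> Optional[dict]:
    """Parse one IPACCESSLOGP line into a record.

    octets_reversed must be True only for devices known to run affected
    software; applying the correction to a fixed device would corrupt
    otherwise-correct addresses. Returns None for lines that do not match.
    """
    m = LOG_RE.search(line)
    if not m:
        return None
    rec = m.groupdict()
    for key in ("sport", "dport", "count"):
        rec[key] = int(rec[key])
    rec["corrected"] = octets_reversed
    if octets_reversed:
        # Source and destination keep their positions; only the octet order
        # inside each address is wrong, per the bug description.
        rec["src"] = reverse_octets(rec["src"])
        rec["dst"] = reverse_octets(rec["dst"])
    return rec


def normalize_lines(lines, octets_reversed: bool):
    """Normalize a batch of syslog lines, dropping anything that is not an IPACCESSLOGP message."""
    records = []
    for line in lines:
        rec = parse_ipaccesslogp(line, octets_reversed)
        if rec is not None:
            records.append(rec)
    return records


if __name__ == "__main__":
    # Shows the same line as received from an affected device and from a fixed one.
    for flag in (True, False):
        print(parse_ipaccesslogp(SAMPLE_LINE, octets_reversed=flag))
```

The `corrected` field is kept on each record so analysts can tell, after the fact, which events were rewritten; a pipeline should also key `octets_reversed` on the device's software version rather than a global switch, since the same ACL log message from a fixed device must be left untouched.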
