Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
811
Views
0
Helpful
2
Replies

Track Outbound TCP Hijack

Go to solution
usanitary
Level 1
Level 1

‎01-16-2007 01:50 PM - edited ‎03-10-2019 03:25 AM

Checking the events on our IDS 4210 w IDM 5.1, I noted a TCP hijack going from our LAN to the Internet.

I am sniffing the connection between outside port of Firewall(ASA 5510) and inside Edge router(3640), therefore the attacker IP is listed as our PAT. Is there any way to track this back to the PC without debugging the firewall?

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
edwakim
Cisco Employee
Cisco Employee

‎01-18-2007 07:16 AM

If the attacker is getting PATted, then looking at nat table in ASA is the best way. From your packet trace, you may be able to find some upper layer information that may indicate the attacker's pre-pat identity but it less likely.

Thank you.

Edward

View solution in original post

0 Helpful
2 Replies 2

Go to solution
edwakim
Cisco Employee
Cisco Employee

‎01-18-2007 07:16 AM

If the attacker is getting PATted, then looking at nat table in ASA is the best way. From your packet trace, you may be able to find some upper layer information that may indicate the attacker's pre-pat identity but it less likely.

Thank you.

Edward

0 Helpful

Go to solution
usanitary
Level 1
Level 1
In response to edwakim

‎01-18-2007 10:35 AM

You are right; show xlate did it. Thank you very much.

0 Helpful
Customers Also Viewed These Support Documents
Review Cisco Networking for a $25 gift card