06-30-2006 01:42 AM - edited 03-03-2019 03:52 AM
Hi,
Taking a look at the system log in our PIX I noticed the following message:
%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.x
%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.y
%PIX-3-106011: Deny inbound (No xlate) tcp src inside:x.x.x.x dst inside:y.y.y.z
%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:x.x.x.x(type 8, code 0)
%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:y.y.y.x(type 8, code 0)
%PIX-3-106011: Deny inbound (No xlate) icmp src inside:x.x.x.x dst inside:y.y.y.z(type 8, code 0)
This is a short piece of the log, but the destination addresses are contiguous.
Is this an attack?
Thank you.
Paolo
06-30-2006 01:58 AM
Hi Paolo,
Log Message: %PIX-7-106011: Deny inbound (no xlate) tcp
Explanation: This is a connection-related message. This message occurs when a packet is sent to the
same interface that it arrived on. This usually indicates that a security breach is occurring. When
the PIX Firewall receives a packet, it tries to establish a translation slot based on the security
policy you set with the global and conduit commands, and your routing policy set with the route
command. Failing both policies, PIX Firewall allows the packet to flow from the higher priority
network to a lower priority network, if it is consistent with the security policy. If a packet comes
from a lower priority network and the security policy does not allow it, PIX Firewall routes the
packet back to the same interface.
To provide access from an interface with a higher security to a lower security, use the nat and
global commands. For example, use the nat command to let inside users access outside servers, to let
inside users access perimeter servers, and to let perimeter users access outside servers.
To provide access from an interface with a lower security to higher security, use the static and
conduit commands. For example, use the static and conduit commands to let outside users access
inside servers, outside users access perimeter servers, or perimeter servers access inside servers.
Recommended Action: Fix your configuration to reflect your security policy for handling these attack
events.
HTH, Please rate if it does.
-amit singh
06-30-2006 02:42 AM
Hi,
Thank you for your post.
The strange thing is that the destination addresses are like this:
x.x.x.12
x.x.x.13
x.x.x.14
.....
I think that someone is trying to connect to these addresses with ping and telnet, quickly, at different addresses.
Could it be an attack?
What do you think about it?
Regards, Paolo