cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
680
Views
0
Helpful
0
Replies
Highlighted
Beginner

Strange FWSM log message

Dear expects,

I have a strange problem with a FWSM on Catalyst 6509, this funny logging message keep generating on the FWSM

%FWSM-3-106011: Deny inbound (No xlate) icmp src fwsm_212:10.10.212.30 dst fwsm_212:10.10.212.14 (type 8, code 0)

%FWSM-3-106011: Deny inbound (No xlate) icmp src fwsm_212:10.10.212.30 dst fwsm_212:10.10.212.12 (type 8, code 0)

Was it mean that a icmp packet source from 10.10.212.30 to 10.10.212.14 being denied in the FWSM in the first statement? it suppose to be on a same subnet (10.10.212.0/24), not sure why it being detected and logged in the FWSM gateway

I have surf some info from the Internet, in the CISCO FWSM log documentation mention this code of log message can typically be ignored, it's recommend to prevent this system log message from getting logged to the syslog server by entering the "no logging message 106011" command. But I have read also this log could be generated by various worms or trojans attempting to connect to known hosts, it may also indicate a port scaning

Could someone explain to me what actually mean by the message log ? what is the best way to investigte this log, shoud I drill down focus and check on the host machine itself or can ignored this system log ?

Thanks in advance.

0 REPLIES 0
Content for Community-Ad