Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
404
Views
0
Helpful
3
Replies

cisco 4221/k9

itosauk
Level 1
Level 1

‎11-15-2023 01:40 PM

constantly in the message logs:

Nov 15 21:36:31.387: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.74(138) -> 255.255.255.255(138), 1 packet
Nov 15 21:36:31.387: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.74(138) -> 255.255.255.255(138), 1 packet
Nov 15 21:36:48.014: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63596) -> 10.60.4.214(80), 1 packet
Nov 15 21:36:48.014: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63596) -> 10.60.4.214(80), 1 packet
Nov 15 21:36:48.014: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63596) -> 10.60.4.214(80), 1 packet
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58106) -> 10.104.3.22(389), 3 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63560) -> 10.60.4.214(80), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(5353) -> 224.0.0.251(5353), 1 packet
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58113) -> 10.10.1.2(389), 5 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(49664) -> 10.60.4.214(161), 23 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58115) -> 10.102.16.4(389), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58114) -> 10.104.3.5(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58116) -> 10.104.3.22(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58104) -> 10.10.1.2(389), 3 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58106) -> 10.104.3.22(389), 3 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63560) -> 10.60.4.214(80), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(5353) -> 224.0.0.251(5353), 1 packet
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58113) -> 10.10.1.2(389), 5 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(49664) -> 10.60.4.214(161), 23 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58115) -> 10.102.16.4(389), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58114) -> 10.104.3.5(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58116) -> 10.104.3.22(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58104) -> 10.10.1.2(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58103) -> 10.102.16.4(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: F0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58105) -> 10.104.3.5(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58103) -> 10.102.16.4(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: R0/0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58105) -> 10.104.3.5(389), 3 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58106) -> 10.104.3.22(389), 3 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.71(63560) -> 10.60.4.214(80), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(5353) -> 224.0.0.251(5353), 1 packet
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58113) -> 10.10.1.2(389), 5 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied udp 10.60.110.72(49664) -> 10.60.4.214(161), 23 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58115) -> 10.102.16.4(389), 4 packets
Nov 15 21:36:48.507: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58114) -> 10.104.3.5(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58116) -> 10.104.3.22(389), 4 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58104) -> 10.10.1.2(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58103) -> 10.102.16.4(389), 3 packets
Nov 15 21:36:48.508: %FMANFP-6-IPACCESSLOGP: SIP0: fman_fp_image: list 4Temp_#338899772725 denied tcp 10.60.110.72(58105) -> 10.104.3.5(389), 3 packets

how to solve a problem??? and what is this connected with?

 

Labels:
0 Helpful
3 Replies 3

Kasun Bandara
VIP
VIP

‎11-15-2023 05:05 PM

@itosauk hi, seems like your device is under scanning by 10.60.110.72. is this device from your internal IP range? if so heck that device for any botnet activities or scanning tools.

Please rate this and mark as solution/answer, if this resolved your issue
Good luck
KB
0 Helpful

itosauk
Level 1
Level 1
In response to Kasun Bandara

‎11-15-2023 10:40 PM

 there are different addresses, and we checked it

0 Helpful

balaji.bandi
Hall of Fame
Hall of Fame

‎11-16-2023 12:17 AM

Looks like some kind of attack for the device, is this device connected externally ?

what IOS Code running ?

if possible try to upgrade latest stable version ?

if this is not impacting the operation level - suggest to remove the ACL Log option and send it to syslog those message is good. rather overloading the Device with Lot of Logs.

other side you can also do rate limit :

https://www.ciscopress.com/articles/article.asp?p=345618&seqNum=5

 

BB

***** Rate All Helpful Responses *****

How to Ask The Cisco Community for Help

0 Helpful
Customers Also Viewed These Support Documents