PIX Log Entry

Can someone please help me with identifying exactly what is happeneing when I get the following log entry on my Pix firewall

 deny tcp src outside:64.154.80.148 (ehg.fedex.com) /443 dst inside:x.x.x.x (name.company.com) /6969 by access-group "permit_in"
I realize it is coming from port 443 of fedex.com and trying to go to port 6969 on our network.
My Question is Why?  I have seen other blocks like this and the destination port number changes.
We had a linksys firewall before this and the log wasnt quite as detailed as the Pix. Its not even on the same planet.
If someone could explain why these requsts come in it would be much appreciated.
pauls681Asked:
Who is Participating?

Improve company productivity with a Business Account.Sign Up

x
 
grbladesConnect With a Mentor Commented:
In this particular example port 6969 is used by the Gatecrasher trojen. It is someone scanning a range of addresses (including yours)  in order to try and fine machines with that trojen installed so they can take over them for things like sending out spam or launching denial of service attacks.

The PIX is blocking them so there is nothing to worry about.
0
 
pauls681Author Commented:
OK, But why does it say its comming from fedex.com? Is this a spoofed address?
0
 
grbladesCommented:
It could be that the address is spoofed but this is unlikly. Their server could be compromised.

Or probably the most likly reason is that it is someone spoofing your IP address and sending a packet to port 443 in order to perform a denial of service attack against them. They are sending back a response to you which your firewall denies. These attacks normally use random IP addresses and with the large number going on you will occasionally get these replies back.
0
 
pauls681Author Commented:
Thanks for the explanation.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.