txangu2
asked on
LOGS IN A PIX 506
Hello,
I have a Pix 506, in the syslog server I have these messages:
data local4.info 192.168.0.212%PIX-6-302002 : Teardown TCP connection 19353 faddr 200.221.151.25/4662 gaddr 213.195.79.232/4108 laddr 192.168.0.174/3782 duration 0:00:42 bytes 346 (TCP FINs)
data local4.info 192.168.0.212%PIX-6-302002 : Built UDP connection for faddr 217.115.17.148/13561 gaddr 213.195.79.232/1069 laddr 192.168.0.174/4672
These are attacks?
Thank you
I have a Pix 506, in the syslog server I have these messages:
data local4.info 192.168.0.212%PIX-6-302002
data local4.info 192.168.0.212%PIX-6-302002
These are attacks?
Thank you
No, these are not attacks :)
Yan is correct, these are certainly not attacks. They are simply notifications that NAT xlates were built for specific TCP connections, then torn down when the connections closed. Normal behavior.
ASKER
ahh ok
These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?
If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?
If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is a connection-related message. This message is logged when a TCP connection is terminated. The duration and byte count for the session are reported. If the connection required authentication, the username is reported in the last field of the message.
TCP FINs The remote server tore down the connection (typical for HTTP or FTP connections)