[Webinar] Streamline your web hosting managementRegister Today

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

LOGS IN A PIX 506

Hello,


  I have a Pix 506, in the syslog server I have these messages:

  data local4.info 192.168.0.212%PIX-6-302002: Teardown TCP connection 19353 faddr 200.221.151.25/4662 gaddr 213.195.79.232/4108 laddr 192.168.0.174/3782 duration 0:00:42 bytes 346 (TCP FINs)

 data local4.info 192.168.0.212%PIX-6-302002: Built UDP connection for faddr 217.115.17.148/13561 gaddr 213.195.79.232/1069 laddr 192.168.0.174/4672


 These are attacks?

 Thank you


0
txangu2
Asked:
txangu2
  • 2
  • 2
1 Solution
 
Yan_westCommented:
%PIX-6-302002
This is a connection-related message. This message is logged when a TCP connection is terminated. The duration and byte count for the session are reported. If the connection required authentication, the username is reported in the last field of the message.

TCP FINs The remote server tore down the connection (typical for HTTP or FTP connections)

0
 
Yan_westCommented:
No, these are not attacks :)
0
 
lrmooreCommented:
Yan is correct, these are certainly  not attacks. They are simply notifications that NAT xlates were built for specific TCP connections, then torn down when the connections closed. Normal behavior.
0
 
txangu2Author Commented:
ahh ok

 These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?

 If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
0
 
lrmooreCommented:
You don't need a acl. This is normal behavior of the PIX.
If a PC on your lan makes a request of an internet host, for example opens up a browser to www.experts-exchange.com, the PIX creates a nat xlate and waites for the server to respond. When the server completes the transaction (sends all it's stuff) it sends a FIN packet. This tells the PIX that the transaction is comlete and it can tear down the connection.
0

Featured Post

The IT Degree for Career Advancement

Earn your B.S. in Network Operations and Security and become a network and IT security expert. This WGU degree program curriculum was designed with tech-savvy, self-motivated students in mind – allowing you to use your technical expertise, to address real-world business problems.

  • 2
  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now