Solved

LOGS IN A PIX 506

Posted on 2004-09-24
5
238 Views
Last Modified: 2013-11-29
Hello,


  I have a Pix 506, in the syslog server I have these messages:

  data local4.info 192.168.0.212%PIX-6-302002: Teardown TCP connection 19353 faddr 200.221.151.25/4662 gaddr 213.195.79.232/4108 laddr 192.168.0.174/3782 duration 0:00:42 bytes 346 (TCP FINs)

 data local4.info 192.168.0.212%PIX-6-302002: Built UDP connection for faddr 217.115.17.148/13561 gaddr 213.195.79.232/1069 laddr 192.168.0.174/4672


 These are attacks?

 Thank you


0
Comment
Question by:txangu2
  • 2
  • 2
5 Comments
 
LVL 15

Expert Comment

by:Yan_west
ID: 12144518
%PIX-6-302002
This is a connection-related message. This message is logged when a TCP connection is terminated. The duration and byte count for the session are reported. If the connection required authentication, the username is reported in the last field of the message.

TCP FINs The remote server tore down the connection (typical for HTTP or FTP connections)

0
 
LVL 15

Expert Comment

by:Yan_west
ID: 12144524
No, these are not attacks :)
0
 
LVL 79

Expert Comment

by:lrmoore
ID: 12144550
Yan is correct, these are certainly  not attacks. They are simply notifications that NAT xlates were built for specific TCP connections, then torn down when the connections closed. Normal behavior.
0
 

Author Comment

by:txangu2
ID: 12148468
ahh ok

 These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?

 If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
0
 
LVL 79

Accepted Solution

by:
lrmoore earned 25 total points
ID: 12150347
You don't need a acl. This is normal behavior of the PIX.
If a PC on your lan makes a request of an internet host, for example opens up a browser to www.experts-exchange.com, the PIX creates a nat xlate and waites for the server to respond. When the server completes the transaction (sends all it's stuff) it sends a FIN packet. This tells the PIX that the transaction is comlete and it can tear down the connection.
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

If you're not part of the solution, you're part of the problem.   Tips on how to secure IoT devices, even the dumbest ones, so they can't be used as part of a DDoS botnet.  Use PRTG Network Monitor as one of the building blocks, to detect unusual…
ADCs have gained traction within the last decade, largely due to increased demand for legacy load balancing appliances to handle more advanced application delivery requirements and improve application performance.
Viewers will learn how to connect to a wireless network using the network security key. They will also learn how to access the IP address and DNS server for connections that must be done manually. After setting up a router, find the network security…
After creating this article (http://www.experts-exchange.com/articles/23699/Setup-Mikrotik-routers-with-OSPF.html), I decided to make a video (no audio) to show you how to configure the routers and run some trace routes and pings between the 7 sites…

773 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question