txangu2
asked on
LOGS IN A PIX 506
Hello,
I have a Pix 506, in the syslog server I have these messages:
data local4.info 192.168.0.212%PIX-6-302002
data local4.info 192.168.0.212%PIX-6-302002
These are attacks?
Thank you
I have a Pix 506, in the syslog server I have these messages:
data local4.info 192.168.0.212%PIX-6-302002
data local4.info 192.168.0.212%PIX-6-302002
These are attacks?
Thank you
No, these are not attacks :)
Yan is correct, these are certainly not attacks. They are simply notifications that NAT xlates were built for specific TCP connections, then torn down when the connections closed. Normal behavior.
ASKER
ahh ok
These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?
If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
These notifications are from the direction -> Internet -Pix-Lan or Lan-Pix-Internet ?
If a TCP connection is terminated with the direction Internet-Pix-Lan I don´t understand because I don´t have acl for the outbound interface, and these connections are deny ok?
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
This is a connection-related message. This message is logged when a TCP connection is terminated. The duration and byte count for the session are reported. If the connection required authentication, the username is reported in the last field of the message.
TCP FINs The remote server tore down the connection (typical for HTTP or FTP connections)