Need help deciphering PIX messages

Posted on 2005-05-06
Last Modified: 2012-06-27
I am using the FireGen for PIX log analyzer v2 to do a daily review of my PIX logs.  Today I had two messages, 1 listed as an error and the other listed as critical.  I need help understanding what to do, if anything, about these two messages.

The first was "denied SSH session from on interface outside".  I have some IPs listed when I do a "show ssh" in my router, but they're not any of the IPs that show up in the messages on the logs.

The second was the critical condition which said "Deny IP spoof from ( to on interface outside".

It looks like my firewall is working correctly by blocking these, but I want to know if I need to do anything more.

Question by:rhouston0872

    Accepted Solution

    You are correct - the firewall is doing its job by denying these sessions. No action required on your part unless they start rapidly increasing in number, then I would contact the ISP of the offending IPs...

    Assisted Solution

    Spoof stuff looks like regular junk from public networks and it's correct to block that source address. There are things flying round at the moment that use source to exploit devices.

    SSH should be kept an eye on; again it's blocking, but that is a more direct attempt to gain access. You may need to contact the source ISP if it does not stop, especially if it's always the same source.
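
Added example, not part of the original thread: a small Python script that tallies the two deny messages per day and source, then flags the two conditions the answers say to watch for (a rapid increase, and the same source coming back). The sample log lines, addresses, timestamp layout, function names and the `growth` threshold are all constructed assumptions.

```python
import re
from collections import Counter, defaultdict

# Constructed sample log (documentation-range addresses); the timestamp layout is an assumption.
SAMPLE_LOG = """\
May 05 2005 09:14:02: %PIX-3-315001: Denied SSH session from 198.51.100.7 on interface outside
May 05 2005 17:40:51: %PIX-2-106016: Deny IP spoof from (192.0.2.55) to 203.0.113.10 on interface outside
May 06 2005 02:03:11: %PIX-3-315001: Denied SSH session from 198.51.100.7 on interface outside
May 06 2005 02:03:19: %PIX-3-315001: Denied SSH session from 198.51.100.7 on interface outside
May 06 2005 02:03:27: %PIX-3-315001: Denied SSH session from 198.51.100.7 on interface outside
May 06 2005 02:04:02: %PIX-3-315001: Denied SSH session from 198.51.100.99 on interface outside
May 06 2005 11:30:45: %PIX-2-106016: Deny IP spoof from (192.0.2.200) to 203.0.113.10 on interface outside
"""

# Match on the message text quoted in the question, not on the numeric message ID.
PATTERNS = {
    "ssh_denied": re.compile(r"Denied SSH session from (\S+) on interface (\S+)"),
    "ip_spoof": re.compile(r"Deny IP spoof from \((\S+?)\) to \S+ on interface (\S+)"),
}
DAY = re.compile(r"^(\w{3} \d{2} \d{4}) ")


def tally(log_text):
    """Return {day: Counter({(kind, source_ip): hits})} for the two deny messages."""
    days = defaultdict(Counter)
    for line in log_text.splitlines():
        day = DAY.match(line)
        if not day:
            continue  # skip lines without the assumed timestamp prefix
        for kind, pattern in PATTERNS.items():
            hit = pattern.search(line)
            if hit:
                days[day.group(1)][(kind, hit.group(1))] += 1
    return dict(days)


def review(days, growth=2.0):
    """Flag sources seen on every logged day, and days whose total grew by `growth`x."""
    ordered = list(days)  # dict insertion order follows the order of the log
    repeat = set.intersection(*(set(c) for c in days.values())) if len(days) > 1 else set()
    spikes = [cur for prev, cur in zip(ordered, ordered[1:])
              if sum(days[cur].values()) >= growth * sum(days[prev].values())]
    return sorted(repeat), spikes


if __name__ == "__main__":
    repeat, spikes = review(tally(SAMPLE_LOG))
    print("repeat sources:", repeat)
    print("days with rapid increase:", spikes)
```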

