Need help deciphering PIX messages
Posted on 2005-05-06
I am using the FireGen for PIX log analyzer v2 to do a daily review of my PIX logs. Today I had two messages, 1 listed as an error and the other listed as critical. I need help understanding what to do, if anything, about these two messages.
The first was "denied SSH session from xxx.xxx.xxx.xxx on interface outside". I have some IP's listed when I do a "show ssh" in my router, but they're not any of the IP's that show up in the messages on the logs.
The second was the critical condition which said "Deny IP spoof from (0.0.0.0) to xxx.xxx.xxx.xxx on interface outside".
It looks like my firewall is working correctly by blocking these, but I want to know if I need to do anything more.