
Need help deciphering PIX messages

I am using the FireGen for PIX log analyzer v2 to do a daily review of my PIX logs.  Today I had two messages, 1 listed as an error and the other listed as critical.  I need help understanding what to do, if anything, about these two messages.

The first was "denied SSH session from xxx.xxx.xxx.xxx on interface outside".  I have some IP's listed when I do a "show ssh" in my router, but they're not any of the IP's that show up in the messages on the logs.

The second was the critical condition which said "Deny IP spoof from ( to xxx.xxx.xxx.xxx on interface outside".

It looks like my firewall is working correctly by blocking these, but I want to know if I need to do anything more.

2 Solutions
You are correct - the firewall is doing its job by denying these sessions. No action required on your part unless they start rapidly increasing in number, then I would contact the ISP of the offending IP's...

Spoof stuff looks like regular junk from public networks and it's correct to block that source address. There are things flying round at the moment that use source to exploit devices.

SSH should be kept an eye on; again, it's blocking, but that is a more direct attempt to gain access. You may need to contact the source ISP if it does not stop, especially if it's always the same source.
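Both answers give the same follow-up criteria: denials that rise quickly in number, or that keep coming from the same source. The script below is an added example, not posted by anyone in this thread, that applies those two checks to a daily log review. The date-prefixed line layout, the thresholds, the function names and the sample lines are all assumptions; matching is done on the message text quoted in the question.

```python
import re
from collections import Counter, defaultdict

# Message texts as quoted in the question; the leading date is an assumed log layout.
PATTERNS = {
    "ssh_denied": re.compile(r"^(\S+) .*Denied SSH session from (\S+) on interface outside"),
    "ip_spoof": re.compile(r"^(\S+) .*Deny IP spoof from \(([^)]+)\) to \S+ on interface outside"),
}

# Constructed sample lines using documentation address ranges, not real log data.
SAMPLE = "\n".join(
    [f"2024-05-0{d} %PIX-3-315001: Denied SSH session from 203.0.113.7 on interface outside" for d in (1, 2, 3)]
    + ["2024-05-02 %PIX-3-315001: Denied SSH session from 198.51.100.20 on interface outside"]
    + ["2024-05-03 %PIX-3-315001: Denied SSH session from 198.51.100.20 on interface outside"] * 4
    + ["2024-05-01 %PIX-2-106016: Deny IP spoof from (192.0.2.50) to 192.0.2.1 on interface outside"]
)

def parse(log_text):
    """Yield (day, kind, source) for every line matching one of the two messages."""
    for line in log_text.splitlines():
        for kind, rx in PATTERNS.items():
            m = rx.search(line)
            if m:
                yield m.group(1), kind, m.group(2)

def review(log_text, min_days=3, spike_factor=3):
    """Return {(kind, source): [reasons]} for sources that merit follow-up."""
    per_day = defaultdict(Counter)  # (kind, source) -> {day: denial count}
    for day, kind, src in parse(log_text):
        per_day[(kind, src)][day] += 1
    findings = {}
    for key, days in per_day.items():
        reasons = []
        if len(days) >= min_days:  # same source seen on several days
            reasons.append("persistent")
        # Compare each observed day with the previous observed day for this source.
        counts = [days[d] for d in sorted(days)]
        if any(b >= spike_factor * a for a, b in zip(counts, counts[1:])):
            reasons.append("rising")
        if reasons:
            findings[key] = reasons
    return findings

if __name__ == "__main__":
    for (kind, src), reasons in review(SAMPLE).items():
        print(kind, src, ",".join(reasons))
```

A source that shows up once, like the single spoof line in the sample, produces no finding, which matches the "no action required" advice above.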

