
Tracking source packets on PIX

I have implemented an access list on my PIX firewall to only allow outbound traffic to port 25 ONLY from my email server in an effort to stop a workstation(s) that may be affected with an email virus/worm.  

access-list outbound permit tcp host x.x.x.x any eq 25
access-list outbound deny tcp any any eq 25
access-list outbound permit ip any any

What is the best way to tell on the PIX side if excessive port 25 traffic is being denied from a particular host?
Asked by: andreacadia
 
lrmoore Commented:
Enable logging on the ACL and export syslogs to a syslog server:
access-list outbound deny tcp any any eq 25 log
logging on
logging host a.b.c.d inside

andreacadia (Author) Commented:
Thanks. Any ideas on a freeware syslog server for Windows?
 
lrmoore Commented:

andreacadia (Author) Commented:
The syslog daemon does not appear to be receiving any traps.
 
lrmoore Commented:
Did you set a trap level?

logg trap 7

Any firewall software on your syslog workstation?

andreacadia (Author) Commented:
Executing the above command seems to have worked. Does this create excessive overhead on the PIX? Also, I am seeing a lot of traffic being logged instantly. We should only be logging traffic that is being denied on port 25, correct?
 
lrmoore Commented:
You will see lots of stuff being logged regardless.
No, it is not too much overhead for the PIX to handle.
You can create filters on the Kiwi Syslog console to only see what you want.
You can also look at the hit counters on the access list with "show access-list" from the PIX command line.
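One way to answer the original question from the exported syslog, as an added example that is not part of the thread: tally denied port 25 connections per source host for the "outbound" ACL and list the hosts above a threshold. The 106100 and 106023 message layouts, the function names and the sample lines are assumptions constructed for illustration; check the layouts against the syslog reference for your PIX version.

```python
import re
from collections import Counter

# Assumed message layouts (verify against your PIX version):
#   106100: emitted for ACL entries that carry the "log" keyword
#   106023: emitted for access-group denies without it
RE_106100 = re.compile(
    r"%PIX-\d-106100: access-list (?P<acl>\S+) denied tcp "
    r"\S+/(?P<src>[\d.]+)\(\d+\) -> \S+/[\d.]+\((?P<dport>\d+)\) "
    r"hit-cnt (?P<hits>\d+)")
RE_106023 = re.compile(
    r'%PIX-\d-106023: Deny tcp src \S+?:(?P<src>[\d.]+)/\d+ '
    r'dst \S+?:[\d.]+/(?P<dport>\d+) by access-group "(?P<acl>[^"]+)"')

# Constructed sample lines (private and documentation addresses), not real logs.
SAMPLE = [
    "fw %PIX-6-106100: access-list outbound denied tcp inside/10.1.1.23(1042) -> outside/192.0.2.10(25) hit-cnt 1 (first hit)",
    "fw %PIX-6-106100: access-list outbound denied tcp inside/10.1.1.23(1042) -> outside/192.0.2.10(25) hit-cnt 340 (300-second interval)",
    'fw %PIX-4-106023: Deny tcp src inside:10.1.1.77/1100 dst outside:198.51.100.5/25 by access-group "outbound"',
    "fw %PIX-6-302013: Built outbound TCP connection 1 for outside:192.0.2.10/80 (192.0.2.10/80) to inside:10.1.1.40/1200 (10.1.1.40/1200)",
    "fw %PIX-6-106100: access-list inbound denied tcp outside/203.0.113.9(4000) -> inside/10.1.1.2(25) hit-cnt 1 (first hit)",
]

def denied_smtp_by_host(lines, acl="outbound", port=25):
    """Return a Counter of denied connections to `port`, keyed by source IP."""
    counts = Counter()
    for line in lines:
        m = RE_106100.search(line)
        if m:
            hits = int(m.group("hits"))  # 106100 reports hits per interval
        else:
            m = RE_106023.search(line)
            hits = 1                     # 106023 is one line per denied packet
        if m and m.group("acl") == acl and int(m.group("dport")) == port:
            counts[m.group("src")] += hits
    return counts

def noisy_hosts(counts, threshold):
    """Hosts whose denied count meets the threshold, busiest first."""
    return [(host, n) for host, n in counts.most_common() if n >= threshold]

if __name__ == "__main__":
    for host, n in noisy_hosts(denied_smtp_by_host(SAMPLE), threshold=100):
        print(f"{host} had {n} denied port 25 connections")
```

Lines that match neither layout, such as connection build messages, are ignored, so the script can be run over the full syslog file without pre-filtering.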