Constant connection attempts port 25, 587, 465

Hello. We recently purchased an ASA 5510 and opened up mail.domain.com to outlook web access

I am seeing constant connection attempts from 32.174.168.27, random ports on their side, ports 25, 587, 465 on ours. Connections are denied by access list because only port 443 forwards, but I have been seeing these for a few days, just straight "deny"..

I checked, and config looks correct, I can't telnet or connect to any of those ports - so if that's the case, why does the other party keep probing?

the exact deny message I see in adsm is "deny tcp src outside:32.174.168.27/49555 dst inside:owaserver.internal.domain/587 by access-group "INCOMING"

Connections are bouncing off as it should it seems, but worried anyway? Any way to block that IP all together so it wouldn't even show up on the logs (I do have an ip deny <address> in the INCOMING acl for that ip)

Thanks..

Thanks
arthurk123Asked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
It looks like it is coming from a cell phone at "mobile-032-174-168-027.mycingular.net".  Could it be one of your users trying to connect?
0
 
arthurk123Author Commented:
excellent observation, you deserve points just for that. I'll look into it

As far as the question is concerned - if I'm seeing repetitive attempts that are denied, is that of any concern?
0
 
Dave BaldwinFixer of ProblemsCommented:
Repetitive attempts are a concern.  That tells me that either someone is trying to break in or one of your users can't figure out how to access their account properly.
0
 
arthurk123Author Commented:
Thank you
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.