arthurk123
asked on
Constant connection attempts port 25, 587, 465
Hello. We recently purchased an ASA 5510 and opened up mail.domain.com to outlook web access
I am seeing constant connection attempts from 32.174.168.27, random ports on their side, ports 25, 587, 465 on ours. Connections are denied by access list because only port 443 forwards, but I have been seeing these for a few days, just straight "deny"..
I checked, and config looks correct, I can't telnet or connect to any of those ports - so if that's the case, why does the other party keep probing?
the exact deny message I see in adsm is "deny tcp src outside:32.174.168.27/4955
Connections are bouncing off as it should it seems, but worried anyway? Any way to block that IP all together so it wouldn't even show up on the logs (I do have an ip deny <address> in the INCOMING acl for that ip)
Thanks..
Thanks
I am seeing constant connection attempts from 32.174.168.27, random ports on their side, ports 25, 587, 465 on ours. Connections are denied by access list because only port 443 forwards, but I have been seeing these for a few days, just straight "deny"..
I checked, and config looks correct, I can't telnet or connect to any of those ports - so if that's the case, why does the other party keep probing?
the exact deny message I see in adsm is "deny tcp src outside:32.174.168.27/4955
Connections are bouncing off as it should it seems, but worried anyway? Any way to block that IP all together so it wouldn't even show up on the logs (I do have an ip deny <address> in the INCOMING acl for that ip)
Thanks..
Thanks
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Repetitive attempts are a concern. That tells me that either someone is trying to break in or one of your users can't figure out how to access their account properly.
ASKER
Thank you
ASKER
As far as the question is concerned - if I'm seeing repetitive attempts that are denied, is that of any concern?