Constant connection attempts port 25, 587, 465

Posted on 2011-10-12
Last Modified: 2012-05-12
Hello. We recently purchased an ASA 5510 and opened up to outlook web access

I am seeing constant connection attempts from, random ports on their side, ports 25, 587, 465 on ours. Connections are denied by access list because only port 443 forwards, but I have been seeing these for a few days, just straight "deny"..

I checked, and config looks correct, I can't telnet or connect to any of those ports - so if that's the case, why does the other party keep probing?

the exact deny message I see in adsm is "deny tcp src outside: dst inside:owaserver.internal.domain/587 by access-group "INCOMING"

Connections are bouncing off as it should it seems, but worried anyway? Any way to block that IP all together so it wouldn't even show up on the logs (I do have an ip deny <address> in the INCOMING acl for that ip)


Question by:arthurk123
    LVL 82

    Accepted Solution

    It looks like it is coming from a cell phone at "".  Could it be one of your users trying to connect?

    Author Comment

    excellent observation, you deserve points just for that. I'll look into it

    As far as the question is concerned - if I'm seeing repetitive attempts that are denied, is that of any concern?
    LVL 82

    Expert Comment

    by:Dave Baldwin
    Repetitive attempts are a concern.  That tells me that either someone is trying to break in or one of your users can't figure out how to access their account properly.

    Author Comment

    Thank you

    Featured Post

    Threat Intelligence Starter Resources

    Integrating threat intelligence can be challenging, and not all companies are ready. These resources can help you build awareness and prepare for defense.

    Join & Write a Comment

    Suggested Solutions

    There are many useful and sometimes not well documented or forgotten IOS or ASA/PIX commands. See IPE article here , there was also one on PacketU and on Cisco Tips & Tricks. Below are my favorites. I give also a few most often used for Cisco IPS an…
    Cisco Pix/ASA hairpinning The term, hairpinning, comes from the fact that the traffic comes from one source into a router or similar device, makes a U-turn, and goes back the same way it came. Visualize this and you will see something that looks …
    It is a freely distributed piece of software for such tasks as photo retouching, image composition and image authoring. It works on many operating systems, in many languages.
    how to add IIS SMTP to handle application/Scanner relays into office 365.

    728 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    18 Experts available now in Live!

    Get 1:1 Help Now