Cisco ASA 5510 ASDM Syslog messages showing large Deny hits but why
Posted on 2015-02-19
I have recently been looking over the Syslog from the Cisco ASA firewall and I see a lot of hits coming from one or two different IP address that hit all my IP address (class c public) scanning for port 80. I did a whois lookup on the IP and from what I see its coming from China. Its also an IP address that is listed in the Anti-Hacker website when I google searched it.
However one of them was from a company in NJ called Interserver, INC
Why would they try and hit all my IP address we own on port 80, what are they looking for, is this considered a DDOS attack.
I'm new to the Cisco ASA and just can't understand the Syslog that well and what its actually doing to my network.
They are all getting Denys however the Interserver, INC was able to get into my Avaya IP office system
Are these Spam mails trying to see where my Mail Server resides on? Is this flooding my network?
Thank you for any help you can provide