Security Basics mailing list archives

help with log entries

From: aduenas () skytel com co
Date: Wed, 26 Feb 2003 20:52:57 GMT

Hi,

I am getting some confusing log entries from my Cisco Pix firewall. At
first I thought that it was a network problem but I don't have any other
evidence to support that assumption.

The log entries look like this. Destination IP addresses changed....

Feb 26 15:32:49 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3782 flags RST ACK  on interface outside
Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3783 flags RST PSH ACK  on interface 
outside
Feb 26 15:32:50 firewall %PIX-6-106015: Deny TCP (no connection) from 
200.24.76.3/110 to a.b.c.d/3796 flags RST ACK  on interface outside
Feb 26 15:32:51 firewall %PIX-6-106015: Deny TCP (no connection) from 
200.24.76.8/110 to a.b.c.d/3768 flags RST ACK  on interface outside
Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from 
66.35.250.206/59231 to 10.10.10.4/25 flags RST  on interface outside
Feb 26 15:33:02 firewall %PIX-6-106015: Deny TCP (no connection) from 
66.35.250.206/59231 to 10.10.10.4/25 flags RST  on interface outside
Feb 26 15:33:04 firewall %PIX-6-106015: Deny TCP (no connection) from 
66.35.250.206/59231 to 10.10.10.4/25 flags RST PSH ACK  on interface 
inside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3843 flags RST ACK  on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3845 flags RST ACK  on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3847 flags RST ACK  on interface outside
Feb 26 15:33:46 firewall %PIX-6-106015: Deny TCP (no connection) from 
161.58.238.151/110 to a.b.c.d/3846 flags RST ACK  on interface outside
Feb 26 15:33:48 firewall %PIX-6-106015: Deny TCP (no connection) from 
200.24.76.8/110 to a.b.c.d/3830 flags RST ACK  on interface outside
Feb 26 15:33:51 firewall %PIX-6-106015: Deny TCP (no connection) from 
200.24.76.3/110 to a.b.c.d/3860 flags RST ACK  on interface outside

If anyone has any clues or suggestions I would be most grateful!

Current thread:

help with log entries aduenas (Feb 27)
- RE: help with log entries David Gillett (Feb 28)
- Re: help with log entries David M. Fetter (Feb 28)