Firewall Wizards mailing list archives
Re: Question re: PIX message 302001
From: "Anton A. Chuvakin" <anton () chuvakin org>
Date: Wed, 17 Jul 2002 00:47:52 -0400 (EDT)
Trevor and all,
%PIX-6-302001: Built inbound|outbound TCP connection id for faddr faddr/fport gaddr gaddr/gport laddr laddr/lport (username)
If this is an 'outgoing' TCP connection then I assume that the laddr value is the source address and the faddr value is the destination address.
Yes (see e.g. http://www.netsys.com/firewalls/firewalls-2001-05/msg00282.html)
If this is an 'incoming' TCP connection then I assume that the faddr value is the source address and the laddr value is the destination address.
Yes, see
http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix/pix_v44/pix44em/pixemsgs.htm#1077

"Explanation This is a connection-related message. This message reports that an authenticated TCP connection was started to foreign address faddr using the global address gaddr [internet-visible IP in case of NAT] from local address laddr [internal NAT address]. If the connection required authentication, the username is reported in the last field of the message."

Best,
--
Anton A. Chuvakin, Ph.D.
http://www.chuvakin.org
http://www.info-secure.org
_______________________________________________
firewall-wizards mailing list
firewall-wizards () honor icsalabs com
http://honor.icsalabs.com/mailman/listinfo/firewall-wizards
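Added example, not part of the original message or of any Cisco tooling: a small Python parser that applies the direction rule confirmed in this thread to 302001 lines, so a log pipeline can emit a normalized source/destination pair. The `Flow` type, the function name, the timestamp prefix and the sample lines are constructed for illustration, and the regex assumes IPv4 addresses and a numeric connection id.

```python
import re
from typing import NamedTuple, Optional

# Field layout follows the message template quoted in the thread:
# Built inbound|outbound TCP connection id for faddr .../.. gaddr .../.. laddr .../.. (username)
PIX_302001 = re.compile(
    r"%PIX-6-302001: Built (?P<dir>inbound|outbound) TCP connection (?P<id>\d+) "
    r"for faddr (?P<faddr>[\d.]+)/(?P<fport>\d+) "
    r"gaddr (?P<gaddr>[\d.]+)/(?P<gport>\d+) "
    r"laddr (?P<laddr>[\d.]+)/(?P<lport>\d+)"
    r"(?: \((?P<user>[^)]*)\))?"  # username is present only for authenticated connections
)

class Flow(NamedTuple):  # hypothetical normalized record
    conn_id: int
    direction: str
    src: str            # initiator of the connection
    dst: str            # responder
    nat: str            # gaddr: the internet-visible (global) address under NAT
    user: Optional[str]

def parse_302001(line: str) -> Optional[Flow]:
    """Return a Flow for a 302001 line, or None for any other log line."""
    m = PIX_302001.search(line)
    if m is None:
        return None
    foreign = f"{m['faddr']}:{m['fport']}"
    local = f"{m['laddr']}:{m['lport']}"
    # outbound: laddr is the source, faddr the destination; inbound: the reverse.
    src, dst = (local, foreign) if m["dir"] == "outbound" else (foreign, local)
    nat = f"{m['gaddr']}:{m['gport']}"
    return Flow(int(m["id"]), m["dir"], src, dst, nat, m["user"] or None)

# Constructed sample lines (documentation address ranges, not real traffic).
SAMPLE_LINES = [
    "Jul 17 2002 00:12:01: %PIX-6-302001: Built outbound TCP connection 1234 "
    "for faddr 198.51.100.7/80 gaddr 203.0.113.10/1025 laddr 10.0.0.5/1025 (alice)",
    "Jul 17 2002 00:12:02: %PIX-6-302001: Built inbound TCP connection 1235 "
    "for faddr 198.51.100.9/40112 gaddr 203.0.113.20/25 laddr 10.0.0.25/25",
    "Jul 17 2002 00:12:03: unrelated syslog line",
]

if __name__ == "__main__":
    for sample in SAMPLE_LINES:
        print(parse_302001(sample))
```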
Current thread:
- Question re: PIX message 302001 Trevor Nightingale (Jul 16)
- Re: Question re: PIX message 302001 Anton A. Chuvakin (Jul 17)