Security Basics mailing list archives
RE: Cisco Pix UDP Built
From: "John Canty" <John.Canty () Vibro-Meter com>
Date: Thu, 19 Jun 2003 07:37:37 -0400
not too sure here but it's a stab at it. The gaddr should be on the same subnet as the initiating connection. Like I said, I really don't know the pix I handle I have shut off most of the logging except for the warnings and critical faults. In order to prevent from some serious violations of it's integrity, I change passwords on a weekly basis. //John -----Original Message----- From: Amodiovalerio Verde [mailto:amodiovalerio.verde () ags-it com] Sent: Wednesday, June 18, 2003 9:15 AM To: security-basics () securityfocus com Subject: Cisco Pix UDP Built Hi all, I'm writing a tool to manage and analyze the logs coming from Cisco Pix and module FWSM. All the logs are sent to a syslog server to collect and analyze them in realtime. I've a problem with a PIX message I couldn't understand the behaviour. The message is the %PIX|FWSM-6-302005 and it is related to a Build connection...the format is Built UDP connection for faddr 1.1.1.1/1 gaddr 2.2.2.2/2 laddr 3.3.3.3/3 The problem is that I cannot be sure of the direction of the connection, i.e. I don't know if it was the faddr opening a connection to laddr, or viceversa. Cisco Pix seems just to ignore the direction of the connection ( that in the TCP Build is specified as inbound or outbound ). Can anybody give me some clue about this behaviour ? it's a pix 'limit' ? Thanks in advance Amodiovalerio Verde ------------------------------------------------------------------------ --- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ------------------------------------------------------------------------ ---- --------------------------------------------------------------------------- Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts! The Gartner Group just put Neoteris in the top of its Magic Quadrant, while InStat has confirmed Neoteris as the leader in marketshare. Find out why, and see how you can get plug-n-play secure remote access in about an hour, with no client, server changes, or ongoing maintenance. Visit us at: http://www.neoteris.com/promos/sf-6-9.htm ----------------------------------------------------------------------------
Current thread:
- Cisco Pix UDP Built Amodiovalerio Verde (Jun 18)
- <Possible follow-ups>
- RE: Cisco Pix UDP Built Naman Latif (Jun 18)
- RE: Cisco Pix UDP Built Mann, Bobby (Jun 18)
- RE: Cisco Pix UDP Built James Fields (Jun 19)
- Re: Cisco Pix UDP Built Amodiovalerio Verde (Jun 19)
- RE: Cisco Pix UDP Built John Canty (Jun 19)
- Re: Cisco Pix UDP Built Amodiovalerio Verde (Jun 19)