Firewall Wizards mailing list archives

Re: Pix Firewall Syslogs/logging


From: Luca Berra <bluca () comedia it>
Date: Thu, 21 Dec 2000 12:50:04 +0100

On Tue, Dec 19, 2000 at 02:36:08PM -0800, Christoph wrote:
I am trying to find my way through the logfiles after
turning on logging on my Pix. I receive messages like
this one (see below) but am not sure what to read out
of it:

<163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound
icmp src outside:63.225.107.174 dst inside:<my IP
address> (type 11, code 0)

icmp TTL Exceeded

Has anyone good information about what kind of
"type"s and "code"s I have to look for and what they
mean? Also - what would the message above really mean?
I could not find something at Cisco's web page but
maybe I look at the wrong spot. If I ping/tracert a
few of these outside IP addresses I do not even get
DNS information - it just times out.

the error above means that you stopped icmp ttl-exceeded packets at your
firewall, so don't expect anything from traceroute.

traceroute sends udp packets to port 33434 up to port 33434 + nhops - 1
with increasing TTL; if it receives an icmp TTL Exceeded from a router on the path,
it displays the router, and it stops when it receives an icmp port-unreachable.

for the dns you probably blocked some udp, but it depends on your network
configuration (where is the name server located?).

L.


-- 
Luca Berra -- bluca () comedia it
        Communication Media & Services S.r.l.
 /"\
 \ /     ASCII RIBBON CAMPAIGN
  X        AGAINST HTML MAIL
 / \

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards
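To make the %PIX-3-106014 lines from the thread easier to read, here is an added example (not from either poster) that parses the message, names the ICMP type/code from RFC 792, and flags the two replies a UDP traceroute launched from inside needs to see come back (type 11 code 0 and type 3 code 3). The log lines are constructed from the one quoted above; the inside address 192.0.2.10 and the other outside addresses are documentation-range placeholders.

```python
import re

# Constructed sample lines modelled on the message quoted in the thread.
# 192.0.2.10 stands in for "<my IP address>"; 198.51.100.x are placeholders.
SAMPLE_LOGS = [
    "<163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound icmp src outside:63.225.107.174 "
    "dst inside:192.0.2.10 (type 11, code 0)",
    "<163>Dec 01 2000 15:21:02: %PIX-3-106014: Deny inbound icmp src outside:198.51.100.7 "
    "dst inside:192.0.2.10 (type 3, code 3)",
    "<163>Dec 01 2000 15:21:40: %PIX-3-106014: Deny inbound icmp src outside:198.51.100.9 "
    "dst inside:192.0.2.10 (type 8, code 0)",
]

# ICMP type/code names per RFC 792 (only the ones that matter here plus a few common ones).
ICMP_NAMES = {
    (0, 0): "echo reply",
    (3, 0): "destination unreachable: net unreachable",
    (3, 1): "destination unreachable: host unreachable",
    (3, 3): "destination unreachable: port unreachable",
    (8, 0): "echo request",
    (11, 0): "time exceeded: TTL exceeded in transit",
    (11, 1): "time exceeded: fragment reassembly time exceeded",
}

# Replies a UDP traceroute run from the inside relies on: TTL exceeded from each
# hop, and port unreachable from the final destination.
TRACEROUTE_REPLIES = {(11, 0), (3, 3)}

PIX_106014 = re.compile(
    r"%PIX-3-106014: Deny inbound icmp src (?P<src_if>\w+):(?P<src>[\d.]+) "
    r"dst (?P<dst_if>\w+):(?P<dst>[\d.]+) \(type (?P<type>\d+), code (?P<code>\d+)\)"
)


def parse_106014(line):
    """Return a dict describing a %PIX-3-106014 line, or None for any other message."""
    m = PIX_106014.search(line)
    if not m:
        return None
    t, c = int(m["type"]), int(m["code"])
    return {
        "src": m["src"], "src_if": m["src_if"],
        "dst": m["dst"], "dst_if": m["dst_if"],
        "type": t, "code": c,
        "name": ICMP_NAMES.get((t, c), "unknown type/code"),
        # True when the dropped packet is one traceroute waits for, i.e. this
        # deny is why an inside traceroute prints only '* * *' for that hop.
        "breaks_traceroute": (t, c) in TRACEROUTE_REPLIES,
    }


def traceroute_probe_port(nhops, base=33434):
    """UDP destination port of the nth traceroute probe: base + nhops - 1, as the reply describes."""
    return base + nhops - 1
```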