Firewall Wizards mailing list archives
Re: Pix Firewall Syslogs/logging
From: "Crist Clark" <crist.clark () globalstar com>
Date: Thu, 21 Dec 2000 10:47:50 -0800
Christoph wrote:
I am trying to find my way through the logfiles after turning on logging on my Pix. I receive messages like this one (see below) but are not sure what to read out of it: <163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound icmp src outside:63.225.107.174 dst inside:<my IP address> (type 11, code 0) Has anyone good information about what kind of "type"'s and "code"'s I have to look for and what they mean?
Uh. Seriously? ICMP type 11, code 0? It's a time to live exceeded message. Try RFC792.
Also - what would the message above really mean?
It means that the TTL of a packet, which had your IP address as the source, expired at 63.225.107.174. Did someone perhaps traceroute to or through 63.225.107.174?
I could not find something at Cisco's web page but maybe I look at the wrong spot.
This is IP 101. Have a look at a introductory, but technical, resource on how IPv4 works and read up on ICMP. -- Crist J. Clark Network Security Engineer crist.clark () globalstar com Globalstar, L.P. (408) 933-4387 FAX: (408) 933-4926 _______________________________________________ firewall-wizards mailing list firewall-wizards () nfr com http://www.nfr.com/mailman/listinfo/firewall-wizards
Current thread:
- Pix Firewall Syslogs/logging Christoph (Dec 20)
- Re: Pix Firewall Syslogs/logging Michael Nelson (Dec 24)
- Re: Pix Firewall Syslogs/logging Luca Berra (Dec 24)
- Re: Pix Firewall Syslogs/logging Crist Clark (Dec 24)
- Re: Pix Firewall Syslogs/logging Dmitry Alyabyev (Dec 24)
- <Possible follow-ups>
- RE: Pix Firewall Syslogs/logging Stiennon,Richard (Dec 24)
- Re: Pix Firewall Syslogs/logging Yoann LeCorvic (Dec 24)