Firewall Wizards mailing list archives

Re: Pix Firewall Syslogs/logging


From: "Crist Clark" <crist.clark () globalstar com>
Date: Thu, 21 Dec 2000 10:47:50 -0800

Christoph wrote:

I am trying to find my way through the logfiles after
turning on logging on my Pix. I receive messages like
this one (see below) but am not sure what to read out
of it:

<163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound
icmp src outside:63.225.107.174 dst inside:<my IP
address> (type 11, code 0)

Has anyone good information about what kind of
"type"'s and "code"'s I have to look for and what they
mean?

Uh. Seriously? ICMP type 11, code 0? It's a time to live exceeded
message. Try RFC 792.

Also - what would the message above really mean?

It means that the TTL of a packet, which had your IP address as 
the source, expired at 63.225.107.174. Did someone perhaps 
traceroute to or through 63.225.107.174?

I could not find something at Cisco's web page but
maybe I look at the wrong spot.

This is IP 101. Have a look at an introductory, but technical, resource
on how IPv4 works and read up on ICMP.
-- 
Crist J. Clark                                Network Security Engineer
crist.clark () globalstar com                    Globalstar, L.P.
(408) 933-4387                                FAX: (408) 933-4926
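
An added example, not part of the original post: a small decoder for the PIX 106014 line quoted in the thread that maps the ICMP type and code to their RFC 792 names. The function and table names are hypothetical, the regular expression assumes the exact layout of the one message shown above, and the destination 192.0.2.10 is a constructed placeholder for the redacted address.

```python
import re

# ICMP type/code names from RFC 792 (subset commonly seen in firewall logs).
ICMP_TYPES = {
    0: "echo reply",
    3: "destination unreachable",
    8: "echo request",
    11: "time exceeded",
}
ICMP_CODES = {
    (3, 0): "net unreachable",
    (3, 1): "host unreachable",
    (3, 2): "protocol unreachable",
    (3, 3): "port unreachable",
    (3, 4): "fragmentation needed and DF set",
    (3, 5): "source route failed",
    (11, 0): "time to live exceeded in transit",
    (11, 1): "fragment reassembly time exceeded",
}

# Assumed layout: the 106014 message exactly as quoted in the thread.
PIX_106014 = re.compile(
    r"%PIX-\d-106014: Deny inbound icmp "
    r"src (?P<src_if>\S+?):(?P<src>\S+) "
    r"dst (?P<dst_if>\S+?):(?P<dst>\S+) "
    r"\(type (?P<type>\d+), code (?P<code>\d+)\)"
)

def decode_106014(line):
    """Return a dict describing a denied ICMP packet, or None if no match."""
    m = PIX_106014.search(" ".join(line.split()))  # rejoin wrapped log lines
    if m is None:
        return None
    t, c = int(m["type"]), int(m["code"])
    meaning = ICMP_TYPES.get(t, "unknown type")
    if (t, c) in ICMP_CODES:
        meaning += ": " + ICMP_CODES[(t, c)]
    return {"src": m["src"], "dst": m["dst"],
            "type": t, "code": c, "meaning": meaning}

# Constructed sample: the thread's message with a documentation address
# (192.0.2.10) substituted for the redacted destination.
SAMPLE = ("<163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound\n"
          "icmp src outside:63.225.107.174 dst inside:192.0.2.10 (type 11, code 0)")

if __name__ == "__main__":
    print(decode_106014(SAMPLE))
```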
