RE: Pix Firewall Syslogs/logging

["Stiennon,Richard" <richard.stiennon () gartner com>]

The codes and types refer to ICMP.

Type 11 is "time exceeded"
Code 0  is an echo reply.

See http://www.isi.edu/in-notes/iana/assignments/icmp-parameters for a
complete list.

Sounds like the source addressed is spoofed, thus the time out and why you
cannot ping it. 

-Stiennon

-----Original Message-----
From: Christoph [mailto:puetzc () yahoo com]
Sent: Tuesday, December 19, 2000 5:36 PM
To: firewall-wizards () nfr net
Subject: [fw-wiz] Pix Firewall Syslogs/logging


I am trying to find my way through the logfiles after
turning on logging on my Pix. I receive messages like
this one (see below) but are not sure what to read out
of it:

<163>Dec 01 2000 15:20:29: %PIX-3-106014: Deny inbound
icmp src outside:63.225.107.174 dst inside:<my IP
address> (type 11, code 0)

Has anyone good information about what kind of
"type"'s and "code"'s I have to look for and what they
mean? Also - what would the message above really mean?
I could not find something at Cisco's web page but
maybe I look at the wrong spot. If I ping/tracert a
few of these outside IP addresses I do not even get
DNS information - it just times out.

Any help is appreciated!!

Thanks!

Chris


__________________________________________________
Do You Yahoo!?
Yahoo! Shopping - Thousands of Stores. Millions of Products.
http://shopping.yahoo.com/

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards

_______________________________________________
firewall-wizards mailing list
firewall-wizards () nfr com
http://www.nfr.com/mailman/listinfo/firewall-wizards