ASA5520 log help

hntrklr

IS-IT--Management
Oct 5, 2010
2
US
I was wondering if anyone could shed some light on what is happening here.

10/5/10 9:04:30.000 AM Oct 5 09:04:30 192.168.0.1 Oct 05 2010 09:04:29: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/8000 flags SYN on interface Outside
10/5/10 9:04:30.000 AM Oct 5 09:04:30 192.168.0.1 Oct 05 2010 09:04:29: %ASA-7-710005: TCP request discarded from 58.53.128.61/12200 to Outside:XXX.XXX.XXX.66/8000
10/5/10 4:25:23.000 AM Oct 5 04:25:23 192.168.0.1 Oct 05 2010 04:25:23: %ASA-7-710005: TCP request discarded from 58.53.128.61/12200 to Outside:XXX.XXX.XXX.66/8000
10/5/10 4:25:23.000 AM Oct 5 04:25:23 192.168.0.1 Oct 05 2010 04:25:23: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/8000 flags SYN on interface Outside
10/4/10 11:40:45.000 PM Oct 4 23:40:45 192.168.0.1 Oct 04 2010 23:40:44: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/8000 flags SYN on interface Outside
10/4/10 11:40:45.000 PM Oct 4 23:40:45 192.168.0.1 Oct 04 2010 23:40:44: %ASA-7-710005: TCP request discarded from 58.53.128.61/12200 to Outside:XXX.XXX.XXX.66/8000
10/4/10 7:00:47.000 PM Oct 4 19:00:47 192.168.0.1 Oct 04 2010 19:00:47: %ASA-7-609002: Teardown local-host Outside:58.53.128.61 duration 0:10:28
10/4/10 6:51:57.000 PM Oct 4 18:51:57 192.168.0.152 Oct 4 18:51:56 ASACSC is-url-filtering: 2010/10/04 18:51:54|proxyjudge2.proxyfire.net/fastenv|58.53.128.61|Proxy Avoidance|
10/4/10 6:51:55.000 PM Oct 4 18:51:55 192.168.0.152 Oct 4 18:51:49 ASACSC is-url-filtering: 2010/10/04 18:51:46|proxyjudge2.proxyfire.net/fastenv|58.53.128.61|Proxy Avoidance|
10/4/10 6:50:19.000 PM Oct 4 18:50:19 192.168.0.1 Oct 04 2010 18:50:19: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/80 flags SYN on interface Outside
10/4/10 6:50:19.000 PM Oct 4 18:50:19 192.168.0.1 Oct 04 2010 18:50:19: %ASA-7-710005: TCP request discarded from 58.53.128.61/12200 to Outside:XXX.XXX.XXX.66/80
10/4/10 6:50:19.000 PM Oct 4 18:50:19 192.168.0.1 Oct 04 2010 18:50:19: %ASA-7-609001: Built local-host Outside:58.53.128.61
10/4/10 12:40:22.000 PM Oct 4 12:40:22 192.168.0.152 Oct 4 12:40:21 ASACSC is-url-filtering: 2010/10/04 12:40:21|proxyjudge2.proxyfire.net/fastenv|58.53.128.61|Proxy Avoidance|
10/4/10 12:39:43.000 PM Oct 4 12:39:43 192.168.0.152 Oct 4 12:39:38 ASACSC is-url-filtering: 2010/10/04 12:39:37|proxyjudge2.proxyfire.net/fastenv|58.53.128.61|Proxy Avoidance|
10/4/10 12:35:22.000 PM Oct 4 12:35:22 192.168.0.1 Oct 04 2010 12:35:22: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/80 flags SYN on interface Outside
10/4/10 12:35:08.000 PM Oct 4 12:35:08 192.168.0.1 Oct 04 2010 12:35:04: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/8000 flags SYN on interface Outside
10/4/10 11:48:47.000 AM Oct 4 11:48:47 192.168.0.1 Oct 04 2010 11:48:47: %ASA-2-106001: Inbound TCP connection denied from 58.53.128.61/12200 to XXX.XXX.XXX.67/8000 flags SYN on interface Outside

Thanks
 
It looks like your CSC module is doing URL filtering. The connections are being reset, so when responses come back in from the destination website/application there is no trace of them in the connection table or state database.

I hate all Uppercase... I don't want my groups to seem angry at me all the time! =)
- ColdFlame (vbscript forum)
 
I was able to recreate the events by running a scan against my IP address using a tool that checks if it is a proxy and then checks that IP against proxyjudge.
Must be another knucklehead looking for anon proxies.

Thank you for your help.
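
The correlation the thread arrives at, as an added example that is not part of the original posts: group the ASA deny messages (106001, 710005) by source address and flag sources that also show up in a CSC URL-filtering line categorised as Proxy Avoidance. The sample lines are constructed with documentation-range addresses and a made-up hostname; the PROXY_PORTS set and the function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample lines modelled on the message formats in the thread
# (documentation-range addresses and hostname, not the thread's own data).
SAMPLE = """\
Oct 04 2010 12:35:22: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/12200 to 198.51.100.67/80 flags SYN on interface Outside
Oct 04 2010 12:35:22: %ASA-7-710005: TCP request discarded from 203.0.113.9/12200 to Outside:198.51.100.66/80
Oct 04 2010 12:36:04: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.9/12200 to 198.51.100.67/8000 flags SYN on interface Outside
Oct 4 12:39:38 ASACSC is-url-filtering: 2010/10/04 12:39:37|judge.example.net/fastenv|203.0.113.9|Proxy Avoidance|
Oct 04 2010 13:02:10: %ASA-2-106001: Inbound TCP connection denied from 203.0.113.50/40211 to 198.51.100.67/22 flags SYN on interface Outside
"""

# 106001 = inbound TCP denied, 710005 = request to the ASA itself discarded.
DENY = re.compile(r"%ASA-\d-(?:106001|710005): .*? from (?P<src>[\d.]+)/\d+ to "
                  r"(?:\w+:)?(?P<dst>[\d.X]+)/(?P<dport>\d+)")
# CSC line layout as seen in the thread: timestamp|url|address|category|
CSC = re.compile(r"is-url-filtering: [^|]*\|(?P<url>[^|]*)\|(?P<src>[\d.]+)\|(?P<cat>[^|]*)\|")

# Assumption: ports worth treating as proxy probes (80 and 8000 appear in the thread).
PROXY_PORTS = {80, 8000, 8080, 3128}

def summarize(lines):
    """Per source address: deny count, destination ports, CSC categories."""
    hosts = defaultdict(lambda: {"denied": 0, "ports": set(), "categories": set()})
    for line in lines:
        m = DENY.search(line)
        if m:
            entry = hosts[m["src"]]
            entry["denied"] += 1
            entry["ports"].add(int(m["dport"]))
            continue
        m = CSC.search(line)
        if m:
            hosts[m["src"]]["categories"].add(m["cat"])
    return dict(hosts)

def proxy_hunters(hosts):
    """Sources denied on a proxy port that also appear under Proxy Avoidance."""
    return sorted(src for src, h in hosts.items()
                  if h["ports"] & PROXY_PORTS and "Proxy Avoidance" in h["categories"])

if __name__ == "__main__":
    summary = summarize(SAMPLE.splitlines())
    for src in proxy_hunters(summary):
        print(src, summary[src]["denied"], sorted(summary[src]["ports"]))
```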
 