Hi,
I've no knowledge about PIX and I have question: Is it possible to see in syslog if it someone try to attack port 25 (ex: syn attack) since we can't use fixup protocol smtp on PIX? Does the packet go to mail server?
Last week we got Dos attack on port 25 on the ISA server and it blocked the attack but we couldn't send/receive email (send/receive internally OK).
Two days ago, it happened to another mail server behind PIX 515, it can't send/receive internal/external email (all email are in the queue).Router and server's NIC led blinked like crazy . I had't configured syslog, after called the ISP and installed syslog the router works normal so I don't know if my PIX blocked the attack or not. In the log file, I only see block ICMP, HTTP (this PIX is only for Mail, no web).
Thanks,
Winoto
I've no knowledge about PIX and I have question: Is it possible to see in syslog if it someone try to attack port 25 (ex: syn attack) since we can't use fixup protocol smtp on PIX? Does the packet go to mail server?
Last week we got Dos attack on port 25 on the ISA server and it blocked the attack but we couldn't send/receive email (send/receive internally OK).
Two days ago, it happened to another mail server behind PIX 515, it can't send/receive internal/external email (all email are in the queue).Router and server's NIC led blinked like crazy . I had't configured syslog, after called the ISP and installed syslog the router works normal so I don't know if my PIX blocked the attack or not. In the log file, I only see block ICMP, HTTP (this PIX is only for Mail, no web).
Thanks,
Winoto