Incoming connection to tcp 46200 1

[STEG]

We are getting slammed with multiple connections coming into tcp port 46200. The connections are getting denied but I can't find anyway to stop this besides clearing xlate every few hours. There must be an internal system causing these requests to come in but can't pin it down. I've read that this may be a Red Hat client port but couldn't find anything else. Any help would be appreciated.

 

[tbissett]

If you have a permeter router, apply an ACL to its serial interface to deny tcp 46200.

If you think it is an inside machine causing the issue, and you want to find it, place a packet capture on the inside interface. Here are the commands to do that:
access-list capture permit ip any any
capture cap1 access-list capture interface inside

To view the results, do a 'show capture cap1'

You can get more granular with the access-list (example: tcp source port 46200, etc.). You can also apply captures to the outside interface to try and figure out what is going on.

If it is in fact an inside machine at work, this is a great example of why everyone should ignore Cisco's default configuration of permitting all IP outbound