Tek-Tips is the largest IT community on the Internet today!
Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!
-
Congratulations Chris Miller on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!
Strange source IP
- Thread starter lardum
- Start date
HI.
Seems like a spoofing attempt, unless this address is used by your internal hosts/ VPN clients/ or WAN links of routers.
Does it match any of this?
Where is interface "ext" connected to? Is it to the ISP or some other organization?
Post here the whole line of the syslog message.
Anyway it is normal that your pix is been attacked from the Internet mostly with port scans, if the logs are empty it might meen that the Internet connection is down...
But it is good that you track the logs to find abnormal activitiy - and if 10.0.1.1 is a legitimat address in your network - for example VPN client or partner connected to your network, it is something to be more worried about.
Bye
Yizhar Hurwitz
Seems like a spoofing attempt, unless this address is used by your internal hosts/ VPN clients/ or WAN links of routers.
Does it match any of this?
Where is interface "ext" connected to? Is it to the ISP or some other organization?
Post here the whole line of the syslog message.
Anyway it is normal that your pix is been attacked from the Internet mostly with port scans, if the logs are empty it might meen that the Internet connection is down...
But it is good that you track the logs to find abnormal activitiy - and if 10.0.1.1 is a legitimat address in your network - for example VPN client or partner connected to your network, it is something to be more worried about.
Bye
Yizhar Hurwitz
- Thread starter
- #3
- Status
Similar threads
- Locked
- Question
- Locked
- Question