Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Firewalls
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

PIX 515E Crashing Same Time Each Day

from [Al Cooper] Network Security [Permanent Link]
Subject: PIX 515E Crashing Same Time Each Day
Date: Mon, 6 Nov 2006 11:27:10 -0700 
Hi All,

I have a PIX 515E running 6.3(5)

For the last few days at approx 9:30 each morning we are unable to do all
outbound traffic except I am still able to VPN into the network.  I am also
unable to SSH directly into the PIX from the outside.

The last syslog entry each day is the same and it is:
11/3/2006 9:26  Local4.Error    192.168.10.33   Nov 03 2006 08:54:29:
%PIX-3-710003: TCP access denied by ACL from 204.74.68.16/33211 to
outside:xxx.xxx.xxx.xxx/ssh
11/3/2006 9:26  Local4.Warning  192.168.10.33   Nov 03 2006 08:54:29:
%PIX-4-402106: Rec'd packet not an IPSEC packet. (ip) dest_addr=
xxx.xxx.xxx.xxx, src_addr= 204.74.68.16, prot= tcp

All the "last" syslog entries are from the same source IP

Once the traffic stops we start getting the following log entries:
11/3/2006 9:44  Local4.Warning  10.180.250.254  Nov 03 2006 16:42:40:
%PIX-4-106023: Deny tcp src inside:192.168.4.25/1197 dst
outside:xxx.xxx.xxx.xxx21 by access-group "inside"

Not all attempts to access the Internet are logged.

Rebooting the firewalls does not fix the issue.

The Internet comes back in about 1 hour.

It looks like I am being attacked.  Is this a vulnerability is Cisco's SSH?
Will upgrading to 7.0 software fix the issue?

Should I worry about my internal network being compromised?

Thanks for any help you can offer.


-- 
No virus found in this outgoing message.
Checked by AVG Free Edition.
Version: 7.5.430 / Virus Database: 268.13.28/518 - Release Date: 11/4/2006
5:30 PM
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: pfsync & carp on linux, Harald Nesland
Next by Date:  Re: pfsync & carp on linux, andy ashley
Previous by Thread:  Re: pfsync & carp on linux, Harald Nesland
Next by Thread:  RE: PIX 515E Crashing Same Time Each Day, Dan Bogda
Indexes:  [Date] [Thread] [Top] [All Lists]