Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations bkrike on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Firewall monitoring question?

Status
Not open for further replies.
NetworkAdmin123

NetworkAdmin123

MIS
Mar 25, 2004
146
US
I've been given the task of monitoring what our firewall is doing. I not very familiar with this area so I thought I would see if I could get some help from you guys.

I've installed kiwi syslog and it is working fine. I even downloaded a trial of sawmill from sawmill.net. This is placing everything in a nice report format.

My main question is...what do I do with this data. I see some IP address that are being denied etc but how do I make sense of all this. I'll post some examples from my log below.
--------------------------------------------
2004-05-19 13:32:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1683 flags FIN ACK on interface outside
2004-05-19 13:32:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1683 flags ACK on interface outside
2004-05-19 13:33:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1684 flags FIN ACK on interface outside
2004-05-19 13:33:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1684 flags ACK on interface outside
2004-05-19 13:34:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1685 flags FIN ACK on interface outside
2004-05-19 13:34:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1685 flags ACK on interface outside
2004-05-19 13:34:23 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.141/4309 flags ACK on interface outside
2004-05-19 13:35:09 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 216.109.118.227/80 to 192.168.1.148/2056 flags ACK on interface outside
2004-05-19 13:35:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1686 flags FIN ACK on interface outside
2004-05-19 13:35:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1686 flags ACK on interface outside
2004-05-19 13:35:46 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 216.109.118.227/80 to 192.168.1.148/2094 flags ACK on interface outside
2004-05-19 13:35:46 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 216.109.118.227/80 to 192.168.1.148/2094 flags ACK on interface outside
2004-05-19 13:35:46 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 216.109.118.227/80 to 192.168.1.148/2094 flags ACK on interface outside
2004-05-19 13:36:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1687 flags FIN ACK on interface outside
2004-05-19 13:36:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1687 flags ACK on interface outside
2004-05-19 13:37:13 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 65.197.236.54/80 to 192.168.1.147/1585 flags PSH ACK on interface outside
2004-05-19 13:37:13 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 65.197.236.54/80 to 192.168.1.147/1585 flags ACK on interface outside
2004-05-19 13:37:13 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 65.197.236.54/80 to 192.168.1.147/1585 flags PSH ACK on interface outside
2004-05-19 13:37:13 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 65.197.236.54/80 to 192.168.1.147/1585 flags FIN ACK on interface outside
2004-05-19 13:37:13 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 216.73.86.30/80 to 192.168.1.147/1586 flags FIN PSH ACK on interface outside
2004-05-19 13:37:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1688 flags FIN ACK on interface outside
2004-05-19 13:37:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1688 flags ACK on interface outside
2004-05-19 13:38:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1689 flags FIN ACK on interface outside
2004-05-19 13:38:16 Local4.Critical 10.71.163.68 %PIX-2-106001: Inbound TCP connection denied from 166.102.165.50/110 to 192.168.1.156/1689 flags ACK on interface outside
 
Sort by date Sort by votes
Status
Not open for further replies.

Similar threads

intel233
  • Locked
  • Question
Cisco ASA - VPN Question
Replies
6
Views
846
intel233
intel233
TheFireman2
  • Locked
  • Question
Help with Watchguard Firebox M200 setup as a TMG 2010 replacement with ASA 5515 as main firewall
Replies
1
Views
339
hairlessupportmonkey
hairlessupportmonkey
LonnieJohnson
  • Locked
  • Question
Monitoring incoming threats
Replies
2
Views
240
LonnieJohnson
LonnieJohnson
hall5942
  • Locked
  • Question
open firewall port on 881
Replies
0
Views
231
hall5942
hall5942
hall5942
  • Locked
  • Question
open firewall port on 881
Replies
0
Views
208
hall5942
hall5942

Part and Inventory Search

Sponsor

Back
Top