log messages

[khaledeshah]

Hi
I get alot of these messages in my PIX515 log :
%PIX-4-400024: IDS:2151 Large ICMP packet from X.X.X.X to Y.Y.Y.Y on interface outside
%PIX-4-400037: IDS:6053 DNS all records request from Y.Y.Y.Y to X.X.X.X on interface outside
where X.X.X.X is one of my servers address & Y.Y.Y.Y is outsider address
so what does these means. any help !!!!

 

[yizhar]

HI.

I suggest that you keep tracking the logs, and get some more info about Y.Y.Y.Y, because it does not look like the normal port scans and other "normal" attacks that we get every minute or two.

If possible (depends on many factors), you can set the syslog level to 6 (informational) which will give you more details about the traffic that is passed through the pix and not only about denied traffic. However this can generate a lot of syslog traffic.

Its a good idea to also check your mail/web and other servers logs, searching for Y.Y.Y.Y

You can get more info about syslog messages here:

http://www.cisco.com/univercd/cc/td/doc/product/iaabu/pix

Bye
Yizhar Hurwitz

http://come.to/yizhar

http://teachers.sivan.co.il/yizhar