
Port scanning or hack attempt?

Status
Not open for further replies.

fs483

Technical User
Jul 7, 2002
977
CA
Hello,

I have syslog activated on one of my ASAs and I got a heck of a lot of warnings by email with the following message:

%ASA-3-713902: IP = , Removing peer from peer table failed, no match!

I traced the IP to a datacenter in the US. What does that cryptic message mean? Was someone trying to enter my systems?

Thanks
fs483
 
Oh, one thing, just to avoid problems. I added an ACL to deny that IP for now.
 
It could be a lot of things. Spoofing to the data center, they could have a VPN misconfiguration on their side, etc. A skilled hacker would be a lot more stealthy than that. Script kiddies are one thing but breaking a VPN takes a bit more. See if you can track down who owns that IP and send them a message.


Brent
Systems Engineer / Consultant
CCNP, CCSP
 
Same IP that is hitting my firewall. Here's more info:

<163>Aug 04 2009 18:11:57 ASA5510-xxxx : %ASA-3-713048: IP = 69.84.133.36, Error processing payload: Payload ID: 1

What does that error mean?
 
Is your SMTP receiving service located inside your FW?

Those logged lines could be a result of your SMTP server dropping incoming SMTP connections while 69.84.133.36 thinks it still has an active connection.

I wouldn't necessarily block that IP address from your firewall unless you are absolutely sure you don't need to send/receive mail with this company and all its customers.

RESULT: 69.84.133.36
Banner: 220 mail.denovotechnology.com ESMTP (e313aa10c2868bac9073297fa33a8d6e)
Connect Time: 0 seconds - Good
Transaction Time: 0.375 seconds - Good
Relay Check: OK - This server is not an open relay.
Rev DNS Check: OK - 69.84.133.36 resolves to mail.denovotechnology.com
GeoCode Info: Geocoding server is unavailable
Session Transcript: HELO please-read-policy.mxtoolbox.com
250 mail.denovotechnology.com Hello mxtb-pws1.mxtoolbox.com [64.20.227.131], pleased to meet y [62 ms]
MAIL FROM: <test@mxtoolbox.com>
250 [62 ms]
RCPT TO: <test@mxtoolbox.com>
550 No such domain at this location (test@mxtoolbox.co [188 ms]
QUIT
221 B [62 ms]
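
For triaging a flood of warnings like the ones quoted in this thread, here is an added example (not part of the thread) that parses ASA syslog lines in the format shown above, decodes the syslog priority value, and groups events by peer address and message ID. The function names are hypothetical, and every sample line except the 713048 line quoted in the thread is constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime

# Sample input: the first line is quoted in the thread; the other two are
# constructed (192.0.2.10 is a documentation address, timestamps are invented).
SAMPLE = """\
<163>Aug 04 2009 18:11:57 ASA5510-xxxx : %ASA-3-713048: IP = 69.84.133.36, Error processing payload: Payload ID: 1
<163>Aug 04 2009 18:12:27 ASA5510-xxxx : %ASA-3-713902: IP = 69.84.133.36, Removing peer from peer table failed, no match!
<163>Aug 04 2009 18:12:40 ASA5510-xxxx : %ASA-3-713048: IP = 192.0.2.10, Error processing payload: Payload ID: 1
"""

LINE_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>(?P<ts>\w{3} \d{2} \d{4} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) : %ASA-(?P<sev>\d)-(?P<msgid>\d{6}): "
    r"(?:IP = (?P<peer>[\d.]*), )?(?P<text>.*)$"
)

def parse_line(line):
    """Return a dict for one ASA syslog line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    # Syslog PRI = facility * 8 + severity, so <163> is facility 20, severity 3.
    rec["facility"], rec["pri_severity"] = divmod(int(rec["pri"]), 8)
    rec["sev"] = int(rec["sev"])
    rec["ts"] = datetime.strptime(rec["ts"], "%b %d %Y %H:%M:%S")
    # The first message in the thread has an empty "IP = ," field.
    rec["peer"] = rec["peer"] or "(no address logged)"
    return rec

def summarize(text):
    """Group events by (peer, message ID): count, first seen, last seen."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue  # skip lines that are not in the expected format
        g = groups[(rec["peer"], rec["msgid"])]
        g["count"] += 1
        g["first"] = min(g["first"] or rec["ts"], rec["ts"])
        g["last"] = max(g["last"] or rec["ts"], rec["ts"])
    return dict(groups)

if __name__ == "__main__":
    for (peer, msgid), g in sorted(summarize(SAMPLE).items()):
        print(peer, msgid, g["count"], g["first"], g["last"])
```

Counts and first/last-seen times per peer make it easier to tell a single host retrying at a steady interval from many sources hitting the firewall at once.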



 