Security Basics mailing list archives

Re: Cisco Pix UDP Built

From: Amodiovalerio Verde <amodiovalerio.verde () ags-it com>
Date: 18 Jun 2003 23:48:42 -0000

In-Reply-To: <7A680EDD8D8BD5119DAE0000D1ED428F053B84B3@GROUCHO>

I'm not a Cisco PIX internals expert, but in TCP built (302001) I got an 
inbound|outbound so I can identify who start the connection.

If (302005) shows only the connections FROM foreign address TO local one 
(as Cisco says) , how someone could identify the connections FROM local 
address TO a foreign one ? 

Maybe I'm missing something ? 
I've not found in Cisco System Log Messages Guide any other message about 
outbound UDP built( all links for pix are here 
http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_messa
ge_guides_list.html ).


Thanks again

P.S. Naman shows me that in PIX v6.2+ there is a different message for UDP 
Built with inbound/outbound indicator, so I have to 'assume' that maybe in 
PIX version 6.0 it was a Cisco matter the absence of a direction indicator.

The question remains...I have to get all 302005 as messages indicating 
ONLY connections from foreign address to local ones ?
There is no indicator for an UDP Built from a local address to a foreign 
one ?
Or the Explanation should be :

Explanation   This is a connection-related message. This message is logged
when a UDP connection is started to foreign address faddr using the global
address gaddr from local address laddr, or when a UDP connection is 
started from foreign address faddr using the global address gaddr to local 
address laddr.

?


Amodiovalerio Verde

Hi Verde,

You know in my opinion Cisco has one of the best support sites in the

world.

I don't believe there is a single product that can't be deployed using

only

their website.


Example of what you asked for:

Log Message %PIX-6-302005: Built UDP connection for faddr IP_addr/port

gaddr

IP_addr/port laddr IP_addr/port

Explanation   This is a connection-related message. This message is logged
when a UDP connection is started to foreign address faddr using the global
address gaddr from local address laddr.

http://www.cisco.com/en/US/products/sw/secursw/ps2120/products_system_mess

ag

e_guide_chapter09186a00800896b2.html



---------------------------------------------------------------------------
Evaluating SSL VPNs' Consider NEOTERIS, chosen as leader by top analysts!
The Gartner Group just put Neoteris in the top of its Magic Quadrant,
while InStat has confirmed Neoteris as the leader in marketshare.
     
Find out why, and see how you can get plug-n-play secure remote access in
about an hour, with no client, server changes, or ongoing maintenance.
          
Visit us at: http://www.neoteris.com/promos/sf-6-9.htm
----------------------------------------------------------------------------

Current thread:

Cisco Pix UDP Built Amodiovalerio Verde (Jun 18)
- <Possible follow-ups>
- RE: Cisco Pix UDP Built Naman Latif (Jun 18)
- RE: Cisco Pix UDP Built Mann, Bobby (Jun 18)
  - RE: Cisco Pix UDP Built James Fields (Jun 19)
- Re: Cisco Pix UDP Built Amodiovalerio Verde (Jun 19)
- RE: Cisco Pix UDP Built John Canty (Jun 19)
- Re: Cisco Pix UDP Built Amodiovalerio Verde (Jun 19)