PIX firewall floods with PIX-4-106023: Deny tcp src inside message.

Our logging on our PIX firewall has been increased to level 4, once on level 3 and now we are receiving numerous messages in our logs from multiple machines on our network ( windows xp sp2 and windows 2003 server sp1).

Each warning is from different machines on our network trying to send out udp packets to unknown hosts external to our network. I have tried diagnosing the warning via the following means and this is what I have come up with;

Performed a netstat -an -b on the machine which was actively cauing the logs to occur on the firewall. Matched the port which will always be different, eg 3838, from the firewall log on the netstat result and found that the process which was generating the request was tcpsvcs.exe.

Also performed whois checks on the addresses which the machines were trying to send out the requests to and the results were unknown addresses to our company.

Some examples are;

Savvis Qwest Communications Corporation Microsoft etc.

An example of one of the entries is as follows;

2006-05-10 16:24:41 Local4.Warning xxx.xxx.xxx.xxx May 09 2006 21:36:03: %PIX-4-106023: Deny tcp src inside:xxx.xxx.xxx.xxx/3838 dst outside:202.174.104.135/4343 by access-group "frominside"

Does anyone have any idea of why this may occur?

Thanks in advance.

Reply to
wvance
Loading thread data ...

Cabling-Design.com Forums website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.