Hello all,
We have Java application that uses JDBC to preform database access. At one of our sites, this access must take place through PIX. During peak times, we may access the database several hundred times in rapid succession. Sometimes this works fine, but there are times when we cannot connect to the Oracle database and start to receive "Deny TCP (no connection)" messages from PIX. After 15 minutes or so, we can usually again connect normally. Unfortunately, we do not have control/access to this PIX installation so I can provide little in terms of additional details. I am hoping that someone may be able to offer some suggestions as to what we should investigate. Could it possible mistake the many requests as a DOS attack or similar? Any input appreciated. Thx in advance.
Kevin
Log Snippet:
Feb 16 10:32:45 [172.30.39.85.2.2] Feb 16 2006 11:16:43: %PIX-6-106100: access-list incoming permitted tcp outside/172.30.59.65(55350) ->
inside/10.30.39.30(1522) hit-cnt 1 (first hit) Feb 16 10:32:45 [172.30.39.85.2.2] Feb 16 2006 11:16:43: %PIX-6-302013: Built inbound TCP connection 11530763 for outside:172.30.59.65/55350 (172.30.59.65/55350) to inside:10.30.39.30/1522 (10.30.39.30/1522) Feb 16 10:42:30 [172.30.39.85.2.2] Feb 16 2006 11:26:29: %PIX-6-302014: Teardown TCP connection 11496594 for outside:172.30.59.65/59681 to inside:10.30.39.30/1522 duration 7:44:25 bytes 2173847 TCP FINs Feb 16 10:42:31 [172.30.39.85.2.2] Feb 16 2006 11:26:29: %PIX-6-302014: Teardown TCP connection 11476764 for outside:172.30.59.65/39732 to inside:10.30.39.30/1522 duration 15:11:02 bytes 4543820 TCP FINs Feb 16 10:47:12 [172.30.39.85.2.2] Feb 16 2006 11:31:11: %PIX-6-302014: Teardown TCP connection 11527872 for outside:172.30.59.65/50243 to inside:10.30.39.30/1522 duration 0:36:00 bytes 5644 TCP FINs Feb 16 10:58:06 [172.30.39.85.2.2] Feb 16 2006 11:42:04: %PIX-6-106100: access-list incoming permitted tcp outside/172.30.59.65(50554) ->
inside/10.30.39.30(1522) hit-cnt 1 (first hit) Feb 16 10:58:06 [172.30.39.85.2.2] Feb 16 2006 11:42:04: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:06 [172.30.39.85.2.2] Feb 16 2006 11:42:04: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:07 [172.30.39.85.2.2] Feb 16 2006 11:42:05: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:09 [172.30.39.85.2.2] Feb 16 2006 11:42:07: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:12 [172.30.39.85.2.2] Feb 16 2006 11:42:10: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:19 [172.30.39.85.2.2] Feb 16 2006 11:42:17: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:32 [172.30.39.85.2.2] Feb 16 2006 11:42:30: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:58:59 [172.30.39.85.2.2] Feb 16 2006 11:42:57: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags PSH ACK on interface outside Feb 16 10:59:42 [172.30.39.85.2.2] Feb 16 2006 11:43:40: %PIX-6-106015: Deny TCP (no connection) from 172.30.59.65/50554 to 10.30.39.30/1522 flags FIN ACK on interface outside Feb 16 10:59:42 [172.30.39.85.2.2] Feb 16 2006 11:43:40: %PIX-6-302014: Teardown TCP connection 11521980 for outside:172.30.59.65/39848 to inside:10.30.39.30/1522 duration 1:32:43 bytes 2328182 TCP FINs Feb 16 10:59:42 [172.30.39.85.2.2] Feb 16 2006 11:43:40: %PIX-6-302014: Teardown TCP connection 11496595 for outside:172.30.59.65/59682 to inside:10.30.39.30/1522 duration 8:01:37 bytes 2672328 TCP FINs .......