Suspicious ASDM Syslog Alerts

Edificer Member Posts: 187
March 17 2015
TCP access denied by ACL from 125.39.106.153/33798 to outside: (ASA outside int IP)/23

Does that mean someone from the outside just tried to telnet into my ASA? :S We have a closed network communication.


Also,


March 16 2015
[ Scanning ] drop rate-1 exceeded. Current burst rate is 10 per second, max configured rate is 10; current average rate is 15 per second, max configured rate is 5; Cumulative total count is 55916 (and rising fast)

I matched the VPN Endpoints SAs with Main to make sure there was not a mismatch between any of our Remote Sites and ran debug crypto ipsec; everything looked completely fine.

I actually saw two drop rates being exceeded yesterday; it lasted 4 hours! During the 4 hours, the Dropped Packets Rate was for ACL Dropped: 8 (every 10 minutes)
“Our greatest glory is not in never falling, but in rising every time we fall.” Confucius

Comments

  • Edificer Member Posts: 187
    Another one just came in:

    TCP access denied by ACL from 115.231.218.147/9091 to outside: (ASA outside int IP)/22

    And again,

    TCP access denied by ACL from 222.100.112.158/42454 to outside: (ASA outside int IP)/23
    “Our greatest glory is not in never falling, but in rising every time we fall.” Confucius
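
An added example, not part of the original thread: a small parser for the "TCP access denied by ACL" messages quoted above, which groups the denied attempts by destination port and lists the distinct source addresses for each. The sample lines are copied from the posts (the drop-rate line is shortened); the function names and the `MGMT_PORTS` table are hypothetical and chosen for this illustration.

```python
import re
from collections import defaultdict

# Message text as quoted in the thread:
#   TCP access denied by ACL from <src>/<sport> to <interface>: <dst>/<dport>
DENY_RE = re.compile(
    r"(?P<proto>TCP|UDP) access denied by ACL from "
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})/(?P<sport>\d+) "
    r"to (?P<ifc>[^:\s]+):\s*(?P<dst>.+?)/(?P<dport>\d+)\s*$"
)

# Management services seen as destination ports in the thread's alerts.
MGMT_PORTS = {22: "ssh", 23: "telnet"}

# Lines copied from the thread; the destination is redacted there and kept so.
SAMPLE = [
    "TCP access denied by ACL from 125.39.106.153/33798 to outside: (ASA outside int IP)/23",
    "TCP access denied by ACL from 115.231.218.147/9091 to outside: (ASA outside int IP)/22",
    "TCP access denied by ACL from 222.100.112.158/42454 to outside: (ASA outside int IP)/23",
    "[ Scanning ] drop rate-1 exceeded. Current burst rate is 10 per second",
]

def parse_deny(line):
    """Return the fields of one deny message, or None for any other message type."""
    m = DENY_RE.search(line)
    if m is None:
        return None
    ev = m.groupdict()
    ev["sport"], ev["dport"] = int(ev["sport"]), int(ev["dport"])
    return ev

def summarize(lines):
    """Group denied attempts by destination port; count lines that did not parse."""
    ports = defaultdict(lambda: {"attempts": 0, "sources": set()})
    skipped = 0
    for line in lines:
        ev = parse_deny(line)
        if ev is None:
            skipped += 1
            continue
        ports[ev["dport"]]["attempts"] += 1
        ports[ev["dport"]]["sources"].add(ev["src"])
    summary = {
        port: {"service": MGMT_PORTS.get(port, "other"),
               "attempts": d["attempts"], "sources": sorted(d["sources"])}
        for port, d in ports.items()
    }
    return summary, skipped

if __name__ == "__main__":
    result, skipped = summarize(SAMPLE)
    for port, info in sorted(result.items()):
        print(port, info["service"], info["attempts"], ", ".join(info["sources"]))
    print("lines skipped:", skipped)
```
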