Your actual addresses are "masked" thats why these attempts are getting logged. Now
what you need to do is look at UDP port 137 connection attempts to addresses in your
global pool (outside Registered IP addresses). If your PIX is allowing these
connections then you are in trouble. Unless of course you want MS fileshares open to
the world.
cheers..
Marc..
>>> "Rob Serfozo" <[EMAIL PROTECTED]> 08/17/00 06:16AM >>>
We are using a Cisco PIX firewall. We are using Nat to translate our
internal addresses to a block of legal addresses for internet access. In
our syslogs I occasionally see attempts to connect to our actual addresses.
Some of these our on port 137, others are on a variety of different ports.
I am wondering how this is happening when our actual addresses are
supposedly masked my the NAT.
Thanks for any help,
Rob Serfozo
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
-
[To unsubscribe, send mail to [EMAIL PROTECTED] with
"unsubscribe firewalls" in the body of the message.]
