Because the scans are hitting addresses in your NAT scheme that have been
built for internal addresses and the PIX is displaying the local address as
the destination rather than the global address.  

It also seems that different log codes display the addresses differently,
that is, as the translated address (106010, 106011) or untranslated (106001,
106006).

In any case, the outside source is targeting your public addresses, not the
internal ones.

> -----Original Message-----
> From: Rob Serfozo [SMTP:[EMAIL PROTECTED]]
> Sent: Thursday, August 17, 2000 8:17 AM
> To:   Firewalls LIST
> Subject:      IP scans
> 
> We are using a Cisco PIX firewall.  We are using NAT to translate our
> internal addresses to a block of legal addresses for internet access.  In
> our syslogs I occasionally see attempts to connect to our actual
> addresses.
> Some of these are on port 137, others are on a variety of different ports.
> I am wondering how this is happening when our actual addresses are
> supposedly masked by the NAT.
> 
> Thanks for any help,
> Rob Serfozo
> 
> 
> -
> [To unsubscribe, send mail to [EMAIL PROTECTED] with
> "unsubscribe firewalls" in the body of the message.]
