Hi!
I've added some local rules for the PIX that I think are useful:
According to
- PIX-3-710003: TCP access denied by ACL from src_address / src_port to
  outside:dst_address / dst_port - this is TCP access to the PIX itself
  limited by (ssh/telnet/http commands)
- PIX-4-106023: Deny protocol src [inbound-interface]:[src_address /
  src_port] dst outbound-interface:dst_address / dst_port [type {type},
  code {code}] by access_group access-list-name - An IP packet was denied
  by the access-list.

<rule id="104328" level="8">
  <if_sid>4312</if_sid>
  <id>^3-710003</id>
  <description>TCP access to the pix itself denied by ACL</description>
</rule>

<rule id="104333" level="8">
  <if_sid>4313</if_sid>
  <id>^4-106023</id>
  <description>Packet denied by an access-list.</description>
</rule>

<rule id="104384" level="10" frequency="6" timeframe="360">
  <if_matched_sid>4330</if_matched_sid>
  <same_source_ip />
  <description>Multiple Attack in progress messages.</description>
</rule>

<rule id="104385" level="10" frequency="6" timeframe="360">
  <if_matched_sid>4331</if_matched_sid>
  <same_source_ip />
  <description>Multiple Attack in progress messages.</description>
</rule>

<rule id="104386" level="10" frequency="6" timeframe="360">
  <if_matched_sid>4332</if_matched_sid>
  <same_source_ip />
  <description>Multiple Attack in progress messages.</description>
</rule>

<rule id="104387" level="10" frequency="6" timeframe="360">
  <if_matched_sid>104328</if_matched_sid>
  <same_source_ip />
  <description>Multiple TCP access drop messages.</description>
</rule>

<rule id="104388" level="10" frequency="6" timeframe="360">
  <if_matched_sid>104333</if_matched_sid>
  <same_source_ip />
  <description>Multiple Packet denied messages.</description>
</rule>

Sioban.
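
Added example, not part of the post above and not OSSEC code: a Python sketch of the correlation that rule 104388 expresses (repeated 106023 denies from the same source IP within 360 seconds), run over constructed syslog lines. The hostname `pix1`, the access-group name, the addresses and the exact firing threshold are assumptions; OSSEC's own counting of `frequency` may differ.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Layout follows the 106023 description quoted in the post; the port is
# optional because ICMP denies carry none.
DENY_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ %PIX-4-106023: "
    r"Deny \S+ src \S+?:(?P<src>[\d.]+)(?:/\d+)? dst ")

def correlate(lines, threshold=6, timeframe=360, year=2024):
    """Return (time, src_ip, count) each time one source reaches
    `threshold` denies within `timeframe` seconds (threshold is assumed)."""
    recent = defaultdict(deque)          # src_ip -> deny times still in window
    alerts = []
    for line in lines:
        m = DENY_RE.match(line)
        if not m:
            continue                     # other PIX message ids are ignored
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        window = recent[m["src"]]
        window.append(ts)
        while (ts - window[0]).total_seconds() > timeframe:
            window.popleft()             # expire events older than timeframe
        if len(window) >= threshold:
            alerts.append((ts, m["src"], len(window)))
            window.clear()               # count afresh after alerting
    return alerts

def _deny(offset, src):
    """Build one constructed 106023 line `offset` seconds after 10:00:00."""
    return (f"Mar 14 10:{offset // 60:02d}:{offset % 60:02d} pix1 "
            f"%PIX-4-106023: Deny tcp src outside:{src}/4312 "
            f'dst inside:10.0.0.5/22 by access-group "outside_in"')

# Constructed sample: one fast source, one slow source, one unrelated message.
SAMPLE = sorted(
    [_deny(s, "192.0.2.10") for s in range(0, 180, 30)]        # 6 in 150 s
    + [_deny(s, "198.51.100.7") for s in range(0, 600, 100)]   # 6 in 500 s
    + ["Mar 14 10:09:00 pix1 %PIX-6-302013: Built inbound TCP connection"])

if __name__ == "__main__":
    for ts, src, count in correlate(SAMPLE):
        print(f"{ts:%H:%M:%S} {src}: {count} denies within the window")
```

The slow source sends the same number of denies but never has six inside any 360-second window, so only the fast source alerts.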